Hi all,

My name is Marcos Chavarría and I'm a fourth year computer science student from Galicia, Spain. I'm interested in the OpenPGP integration project for this year SoC. I have experience working with python in several university projects and I have some knowledge about crypto primitives (I made Coursera Cryptography course[1]).

The problem is that I'm not sure if I understand the idea. This is how I see it:

1. Users summit their public key to MailMan server when they register to mail list.
2. The user can get MailMan Server public key
3. When an user want to post a message they both sign and encrypt this message. They encrypt the message using MailMan public key. Then the message is sent to MailMan Server.
4. MailMan decrypt the received message and check if the sign is correct (with the stored public user public key). If the sign is correct, it sends a message to every mail-list subscripter encrypted with each user public key.
5. The other user receive the email and decrypt it.

Is this correct?

Best Regards, Marcos Chavarría

[1] https://www.coursera.org/course/crypto