Hi Christian,
On 2/12/2021 5:01 AM, Mailman-admin wrote:
Hello
Am 11.02.21 um 19:24 schrieb Dennis Putnam:
Does anyone have any experience with this that can provide a review and/or advice? TIA.
- From the site itself: "Beware! This code has not been touched since 2010-09. Therefore, it's mainly obsolete.
DO NOT USE THIS CODE"
- In my experience the main problem is not to decrypt and encrypt emails, it is to get the public keys of your users and keep your private keys valid.
For a public encrypted mailing list server you need an S/MIME certificate *and* an PGP certificate for each list. That is, because you usually can not restrict users to one method or the other, and they are not compatible. Especially S/MIME certificates expire after some time (yearly, or up to 5 years). Your PGP certificates should expire too, for security reasons. You need to keep them both up to date with overlapping new certificates. And you need to distribute their public keys to your users.
Then you need to know the preferred encryption method of each user plus their public keys. Those will change too, therefore you need some mechanism to get the current one and keep them in sync. And make sure, to never use expired ones.
Kind regards, Christian Mack
Thanks for that info. None of it sounds insurmountable other than the code itself. If I need a secure mailman list, is there another alternative?
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus