[ mailman-Patches-646989 ] NAH6 Secure List patch: GPG plugin

Fri Oct 13 03:06:23 CEST 2006

Patches item #646989, was opened at 2002-12-02 16:07
Message generated for change (Comment added) made by s0undt3ch
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=646989&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: list administration
Group: Mailman 2.2 / 3.0
Status: Open
Resolution: None
Priority: 6
Submitted By: Rop Gonggrijp (rop)
Assigned to: Thomas Wouters (twouters)
Summary: NAH6 Secure List patch: GPG plugin

Initial Comment:
&quot;NAH6 Secure List&quot; is a patch for Mailman 2.1b5 that 
adds GPG functionality. It is built around a key-scheme 
that allows an admin to create an encrypted list for 
which even the server operator doesn't have access to 
the messages.

Only the public key for the list is given to the server, so 
it can perform 'emergency encryption' in case someone 
forgets, and all users get the public and private key for 
the list.

We think we've done a decent job of describing the new 
functionality from server-operator, list-admin and list-
member points of view. There's also a technical 
document for those familiar with the Mailman code. 
Please have a look at:

http://www.nah6.com/products/secure-list/

and follow the links from there

We feel more people need this, and we'd really like it to 
be part of the Mailman distribution at some point...

Kind Regards,

Rop Gonggrijp
Joshua Eichen

Please forgive mangling the Mailman logo on the site: if 
y'all don't like it or think it's over the top we'll use 
something else....

----------------------------------------------------------------------

Comment By: Pedro Algarvio (s0undt3ch)
Date: 2006-10-13 02:06

Message:
Logged In: YES 
user_id=927681

+1 for this patch

----------------------------------------------------------------------

Comment By: Pat Carr (pcarr)
Date: 2003-06-21 03:23

Message:
Logged In: YES 
user_id=710070

The problem with the NAH approach is that every time a
member leaves the list, the administrator needs to generate
and distribute a new key, and every remaining member would
have to remove the old list key and replace it with the new
one. This could become a logistical nightmare, and makes it
more difficult to sell this capability to a group that has
people who are email savvy, but not necessarily pgp-savvy.

I prefer the approach in patch #645297, recognizing that the
task there is to maintain strict security of the server and
the secret keys of the lists.

----------------------------------------------------------------------

Comment By: Thomas Wouters (twouters)
Date: 2003-03-10 16:16

Message:
Logged In: YES 
user_id=34209

I'm looking at this patch, but I'm a bit confused. Which is
the newer patch, v1.0 for Mailman 2.1 (uploaded last) or
v1.1 for Mailman 2.1b5 (which is linked to from the NAH6
secure-list page.)

Otherwise, the patch looks okay. There are some whitespace
issues, and the PGP specific options aren't properly
internationalized, but that can all be fixed. The patch
edits Defaults.py, but it should be Defaults.py.in (if you
want to apply to CVS before installation, anyway.) Oh, and a
'global' statement for DETAILS in the global namespace
really isn't necessary... Do you need someone to come over
and give a Python tutorial at NAH6 ? :-)

Assigning to myself so I don't forget it; if someone else
wants it, that's fine by me.

----------------------------------------------------------------------

Comment By: Barry A. Warsaw (bwarsaw)
Date: 2002-12-12 04:01

Message:
Logged In: YES 
user_id=12800

The logo's fine (plus the original is free software).

I'm defering this until after MM2.1 because we're about
ready for the first release candidate.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=646989&group_id=103