[Mailman-Developers] Mailman and GPG.

J C Lawrence claw@kanga.nu
Mon, 06 Nov 2000 20:55:55 -0800


On Mon, 06 Nov 2000 14:54:38 -0500 
Omri Schwarz <ocschwar@MIT.EDU> wrote:

> The motivation I have behind asking (which can quickly drift
> off-topic for this list) is that the main reason behind the
> failure of widespread email encryption is human factors.

True.  More simply, given that most email is of a casual nature,
there is little to no return on invested effort for casual users.
They fail to see any benefit from crypting or signing their "Funny
joke" messages.

> Therefore, the right amount of social engineering will be the
> driving force in getting people to encrypt email.

You first need to create an awareness with them of the problem you
wish to solve with encryption.  Nobody, and that includes me, is
going to go thru the bother of genning keys, getting them signed,
auditing and tracking them, and generally attempting to be
responsible here unless I've got some jolly good reason to, unless
I've got some problem that going thru all that hassle solves.

> If a mailing list exploder like what I described is available,
> people will learn not to 1. share TMI type information on any
> other kind of mailing list, or 2. share proprietary discussions on
> any other kind of mailing list.

Uhh, yeah.

> So, a list like this will 1. have no Web archiving, 2. no news
> gatewaying, and 3. rapidly expiring mailing list keypairs, Just In
> Case (TM).

This depends on what you are attempting to protect and why.  In the
case of trade secret protections, web archiving may be a significant
plus if you can also audit and control access to those archives
(S/Key etc).

There is no one model fits all.

> I'm asking this on the Mailman forum because Mailman would be
> easier to GPG-enable than Majordomo (just as eating ice cream is
> more pleasant than root canal..), and because apart from that, I
> am not picky on how this should be done, hence would be willing to
> fork Mailman to warp it for this end.

I'd argue that the crypted list problem is actually orthogonal to
the MLM software used.  The MLM never needs to be involved.  You can
involve it if you really want to, but there's not much benefit to
doing so.

-- 
J C Lawrence                                 Home: claw@kanga.nu
---------(*)                               Other: coder@kanga.nu
http://www.kanga.nu/~claw/        Keys etc: finger claw@kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--