[Mailman-Developers] Mailman and GPG.

[Chuq Von Rospach]

>I'd argue that the crypted list problem is actually orthogonal to
>the MLM software used.  The MLM never needs to be involved.  You can
>involve it if you really want to, but there's not much benefit to
>doing so.

Except in the case of authentification of the user. It's a critical 
need there -- I'd kill for the ability to be able to verify 
subscribers via S/MIME or some other non-spoofable form. then they 
could post from anywhere, as long as their authentification worked.

This general ability - to validate an incoming e-mail, not just for 
MLM -- would be a killer app for the anti-spam folks.Anything without 
a valid signature, you dump.

But, ask me to add this support to something like Mailman, and I'll 
say no. Why? Because until the clients support it cleanly and easily 
and it's on its way towards general acceptance in the user base, it's 
wasted effort. Right now, encryption is way too nerdy, too 
complicated, and the typical user doens't see the need. Spend time 
writing support into a MLM, and it won't be used. Try to make it 
mandator, and you'll kill the MLM.

If the List-* headers are something the MLM's have to lead the pack 
in, encryption has to be led out of the mail clients, because that's 
where 95% of the utility will be. any encrpytion support in the MLM 
proper would be as an add-on to the support in the client, and it 
makes no sense to do it until the clients do it (and set the standard 
for interfacing to it). An d that's a long way off from what I see.

When I can reliably expect to find (and use) an embedded digital 
signature on an e-mail, then it's time to look at adding it to 
Mailman. Until then -- if you want encryption, go lobby the mail 
clients to add the functionaliy and make it usable and easy enough 
that people actually use it.

-- 
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com)
Apple Mail List Gnome (mailto:chuq@apple.com)

Be just, and fear not.