[Mailman-Developers] PGP and Mailman

Brad Knowles brad at stop.mail-abuse.org
Wed Mar 2 12:37:41 CET 2005

At 8:31 AM +0100 2005-03-02, Stefan Schlott wrote:

>  This will create huge messages in large MLs.

	Each additional recipient would be a few extra bytes in the 
encrypted message.  However, since the message is compressed first, 
unless you've got a list of thousands and thousands of recipients, 
then odds are that the result would still be smaller in size than a 
message that was only PGP-signed.

>                                                Further, this will reveal
>  all recipients' key ids - something not wanted in anonymous lists.

	True.  A session key would be encrypted to each key id, so the 
key ids would be visible.  However, subscriber information is not too 
hard to get from Mailman even when it's supposedly limited to being 
available only to the admin, so I think there may be bigger fish to 
fry elsewhere.

>  Imho the tradeoff lies somewhere inbetween - encrypt messages to n
>  recipients (yet to be implemented).

	The problem is that encrypting a message is a very CPU-intensive 
process, and you don't want to figure off thousands and thousands of 
message encryption processes for every single submission -- you'd DoS 
yourself to death.  You'd have to make n pretty large in order to be 
able to make this scalable.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Developers mailing list