[Mailman-Developers] OpenPGP Integration on GSoC

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Apr 11 04:04:04 CEST 2013


On 04/09/2013 07:55 PM, Marcos Chavarría Teijeiro wrote:

> The problem is that I'm not sure if I understand the idea. This is how I
> see it:
>  1) Users submit their public key to MailMan server when they register to
> mail list.
>  2) The user can get MailMan Server public key
>  3) When a user wants to post a message they both sign and encrypt this
> message. They encrypt the message using MailMan public key. Then the
> message is sent to MailMan Server.
>  4) MailMan decrypts the received message and checks if the signature is
> correct (with the stored user public key). If the signature is correct, it
> sends a message to every mail-list subscriber encrypted with each user
> public key.
>  5) The other users receive the email and decrypt it.
> 
> Is this correct?

This sounds like a reasonable proposal, though there are potentially a
lot of gotchas in such an implementation (in particular, keyring
management, and dealing sensibly with cryptographic failures are two
rough spots that you probably need to think more about).

Have you looked at schleuder?  In my experience, schleuder is the most
widely-used mailing list software that maps to the model you describe,
so learning from their experiences and figuring out why they made the
implementation decisions they did would probably be helpful:

 http://schleuder2.nadir.org/

You might also want to compare notes with Abhilash Raj (who has been
posting to this list), since y'all seem to be interested in similar topics.

all the best,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20130410/8fe58c95/attachment.pgp>
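
The two rough spots named in the message (keyring management and cryptographic failures) can be shown as the decision the list server makes after its OpenPGP backend has decrypted and verified a post. This is an added example, not code from Mailman, schleuder or the message above; the Key and Incoming types, the decision strings and the sample keyring are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Key:  # hypothetical keyring entry the list stores per subscriber
    fingerprint: str
    expires: Optional[date] = None
    revoked: bool = False

    def usable(self, today: date) -> bool:
        return not self.revoked and (self.expires is None or self.expires >= today)

@dataclass
class Incoming:  # hypothetical summary of what the OpenPGP backend reported
    sender: str                      # address the post claims to come from
    decrypted: bool                  # encrypted to the list key and decrypted
    sig_fingerprint: Optional[str]   # key that made a valid signature, if any

def process(msg, keyring, today):
    """Return (decision, recipients to encrypt to, subscribers skipped)."""
    if not msg.decrypted:
        return ("reject: not encrypted to list key", [], [])
    if msg.sig_fingerprint is None:
        return ("reject: no valid signature", [], [])
    key = keyring.get(msg.sender)
    # A valid signature is not enough: it must come from the key stored
    # for this subscriber, otherwise anyone with any key could post.
    if key is None or key.fingerprint != msg.sig_fingerprint:
        return ("reject: signer is not the stored subscriber key", [], [])
    if not key.usable(today):
        return ("hold: sender key expired or revoked", [], [])
    deliver = sorted(a for a, k in keyring.items() if k.usable(today))
    # Subscribers without a usable key are skipped, never sent cleartext.
    skipped = sorted(a for a, k in keyring.items() if not k.usable(today))
    return ("distribute", deliver, skipped)

# Constructed sample data (addresses and fingerprints are made up).
TODAY = date(2013, 4, 11)
KEYRING = {
    "alice@example.org": Key("AAAA1111"),
    "bob@example.org": Key("BBBB2222", expires=date(2013, 1, 1)),
    "carol@example.org": Key("CCCC3333", revoked=True),
    "dave@example.org": Key("DDDD4444", expires=date(2014, 1, 1)),
}

if __name__ == "__main__":
    for who, fpr in (("alice@example.org", "AAAA1111"), ("bob@example.org", "BBBB2222")):
        print(who, "->", process(Incoming(who, True, fpr), KEYRING, TODAY))
```
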

