[Mailman-Developers] OpenPGP Integration on GSoC

Stefan Schlott stefan.schlott at ulm.ccc.de
Thu Apr 11 15:13:34 CEST 2013


On 11.04.2013 14:35, Richard Damon wrote:

>> Next problem: Mailman will have to decrypt the message and re-encrypt it
>> for each recipient. This also strips the signature of the original
>> sender. How do you show to the recipients that the original message was
>> signed (in a way which cannot be forged by any other sender)?

> Decrypting and re-encrypting shouldn't break signatures as the sender
> should first sign the unencrypted message, and then encrypt it. The
> signature can then be passed on in the re-encrypted message, and people
> can do their verification of the signature.

True, the PGP file structure encapsulates the signature within the
encryption (in contrast to S/MIME, which does it vice versa). But the
standard PGP binary will strip both in one step, so keeping the
signature won't work out of the box (at least I didn't manage to do
that, I'd be really interested in how to do that - would be useful for
searchable mail archives).


Stefan.
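
As an added illustration that is not part of the original post: a small Python parser for OpenPGP packet framing (RFC 4880, section 4.2), run over constructed sample bytes, showing that the signature packets sit inside the encrypted container and surround the literal data. The helper names and the samples `INNER` and `OUTER` are assumptions made for this example; the packet bodies are placeholders, not real ciphertext or signatures.

```python
# Added example: OpenPGP packet framing (RFC 4880 section 4.2), constructed data.
TAGS = {1: "PKESK", 2: "Signature", 4: "One-Pass Signature",
        8: "Compressed Data", 11: "Literal Data", 18: "SEIPD"}

def _new_len(buf, i):
    """Decode a new-format length at buf[i] -> (length, next index, is_partial)."""
    o = buf[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True       # partial body chunk, more follow

def packets(buf):
    """Yield (tag, body) for each top-level packet of a binary OpenPGP stream."""
    i = 0
    while i < len(buf):
        hdr, i, body = buf[i], i + 1, b""
        if not hdr & 0x80:
            raise ValueError("no packet header at offset %d" % (i - 1))
        if hdr & 0x40:                         # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:
                n, i, partial = _new_len(buf, i)
                body, i = body + buf[i:i + n], i + n
        else:                                  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            size = 0 if ltype == 3 else 1 << ltype   # type 3: runs to end of data
            n = int.from_bytes(buf[i:i + size], "big") if size else len(buf) - i
            i += size
            body, i = buf[i:i + n], i + n
        if i > len(buf):
            raise ValueError("truncated packet")
        yield tag, body

def layout(buf):
    """Names of the top-level packets, in order."""
    return [TAGS.get(tag, "tag %d" % tag) for tag, _ in packets(buf)]

def pkt(tag, body):
    """Build a new-format packet with a one-octet length (sample data only)."""
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed samples: bodies are placeholders, no real keys or ciphertext.
INNER = (pkt(4, bytes(13)) + pkt(11, b"b\x00" + bytes(4) + b"hello list\n")
         + pkt(2, bytes(20)))                  # signed message inside the encryption
OUTER = pkt(1, bytes(12)) + pkt(18, b"\x01" + b"\xaa" * len(INNER))  # on the wire

if __name__ == "__main__":
    print("before decryption:", layout(OUTER))
    print("after decryption: ", layout(INNER))
```

To pass the sender's signature on, a list server would have to re-encrypt the whole inner packet sequence rather than only the Literal Data body. Current GnuPG documents an `--unwrap` option that outputs the message with only the encryption layer removed.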

