[Mailman-Developers] GSOC Project idea: OpenPGP integration

Stefan Schlott stefan.schlott at ulm.ccc.de
Fri Apr 26 14:09:41 CEST 2013


On 25.04.2013 15:35, Daniel Kahn Gillmor wrote:

> abhilash might have meant that there is a concern that a decrypted
> message could be stored *on disk* in one of the queues, not just
> in memory.

Of course, it's a good idea to decrypt the data as late as possible in
order to avoid unnecessary mistakes.

When does Mailman store received messages on disk? I can think of the
following:
- swapping. Either you request "non-swappable" memory from your OS
  (might be tricky in Python), or you encrypt your swap device with
  a new, randomly generated key on every startup.
- mailing list archive. You simply shouldn't keep a (decrypted) archive
  on the server.
- disk queue. I don't remember if Mailman persists received (but not
  yet sent) mails on disk.

Addressing the last point, you can either choose to decrypt the mail
at a later stage, or (if this is a bad idea for performance reasons)
deal with this problem with an adequate system configuration, although
this is tricky and certainly error-prone. But I think it could be done
by excluding the queue from backup (unless, of course, the backup is
encrypted, which you should do anyway) and having an encrypted file
system.


Stefan.
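
Added example, not part of the original message and not Mailman code: one way to request non-swappable memory from Python, as the swapping item in the message suggests, by pinning a buffer with mlock(2) through ctypes. `LockedBuffer` is a hypothetical helper; it assumes a POSIX libc, and mlock can fail under a low RLIMIT_MEMLOCK, which is reported in `locked` and `errno`.

```python
import ctypes
import ctypes.util
import mmap

# Assumption: Linux/POSIX libc providing mlock(2) and munlock(2).
_libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
for _fn in (_libc.mlock, _libc.munlock):
    _fn.argtypes = (ctypes.c_void_p, ctypes.c_size_t)
    _fn.restype = ctypes.c_int

PAGE = mmap.PAGESIZE


class LockedBuffer:
    """Hypothetical helper: anonymous page-aligned buffer pinned in RAM."""

    def __init__(self, size):
        self.size = -(-size // PAGE) * PAGE  # round up to whole pages
        self._map = mmap.mmap(-1, self.size,
                              flags=mmap.MAP_PRIVATE | mmap.MAP_ANONYMOUS)
        self._view = (ctypes.c_char * self.size).from_buffer(self._map)
        self._addr = ctypes.addressof(self._view)
        # mlock fails (EPERM/ENOMEM) when RLIMIT_MEMLOCK is too low.
        self.locked = _libc.mlock(self._addr, self.size) == 0
        self.errno = 0 if self.locked else ctypes.get_errno()

    def write(self, data):
        self._map[:len(data)] = data

    def read(self, n):
        # Returns an ordinary bytes object: a swappable copy on the heap.
        return self._map[:n]

    def close(self):
        ctypes.memset(self._addr, 0, self.size)  # wipe before unlocking
        wiped = self._map[:self.size] == bytes(self.size)
        if self.locked:
            _libc.munlock(self._addr, self.size)
        del self._view  # drop the buffer export so the mapping can close
        self._map.close()
        return wiped


if __name__ == "__main__":
    buf = LockedBuffer(100)
    buf.write(b"constructed plaintext")  # constructed sample, not real mail
    print("locked:", buf.locked, "errno:", buf.errno)
    print("wiped on close:", buf.close())
```

Only the mapped pages are pinned: any `bytes` object the plaintext passes through on its way in or out (including the result of `read`) is an ordinary heap copy that can still be swapped, which is why an encrypted swap device remains the more robust of the two options.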

