[Mailman-Developers] GSOC Project idea: OpenPGP integration

Fri Apr 26 20:45:19 CEST 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Apr 26, 2013, at 02:09 PM, Stefan Schlott wrote:

>- disk queue. I don't remember if mailman persists received (but not
>yet sent) mails on disk.
>
>Addressing the last point, you can either choose to decrypt the mail
>in a later stage, or (if this is a bad idea for performance reasons)
>deal with this problem with an adequate system configuration, although
>this is tricky and certainly error-prone. But I think it could be done
>by excluding the queue from backup (unless, of course, the backup is
>encrypted, which you should do anyway) and having an encrypted file
>system.

Yes, Mailman caches the messages and the metadata as it transfers the message
from queue to queue.  These two pieces of information are what make up the
.pck (Python pickle) files in the queue directories, so for example, after the
message has been moderated, it lives in a pck file until the modification
runner picks it up for processing.

One option, which might suck performance-wise, would be to decrypt the message
multiple times.  Thus the moderation queue runner would decrypt the message if
it needs to make moderation decisions based on the encrypted payload (it may
not need to though, since a lot can be discerned from the headers and other
cleartext information).  If it decides that the message is okay to post, it
would not store the decrypted message in the queue, but instead the original
message with the encrypted payload.  The next queue runner would then also
have to decrypt the message to do its processing.

OTOH, maybe that's all security theater.  If the Mailman system's private key
is available to an attacker, then having the encrypted message on disk
temporarily is probably not going to stop them from decrypting it.

- -Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRess/AAoJEBJutWOnSwa//rcQALx/p1Ba8a4CZWCzL2FGW+PZ
80mP+prL44VisScEJopqxx2vzCmzRNo8w0uH7UwKc2DQ4Bl8O+LdBoZs3UdZAB/9
dgSxIAMFsy78TnVngif3Ps5gESdQUAuLijkViHJGePcKNDXMYMV4hBzeqKZxCj+Q
Y1NxyJLLeuLrt3HEvQy4TAmWFA/r4UGG5QM249orv2iOtXeHlGMD+IUi4pqyolY6
qzK6WirEh+ntGLvsXHuIBSxpidG9UvRe4XmLT7/fVAUO6X5EuTBdk9NgT9d+Pw+Z
eslyngqPOf2MvV/wKLzZFytblGFog7pLOkOPbJ1UzI+KxIf8K4LMlEUG5mo2IGY+
7vOZgsD9dxzJ2kX0uk1SFR4b23jWZhrYwHAC/k03x2l3FoMvdUqb5/9+nf6C+/4K
ZyeB+exOD33TkKtTSx5iZ8HEO/1vCsENFESLeZ5M79cXQJKihyRMiAQfHXzQfR65
XZ0lCG4SB3c0QmhBSqWTxdNP01In0YcD0E5S+1JlP7HbCRhKTU0oHy45rMVSwKfC
h1luVZe74Ecuy0foL2gcNObJG6GrXEsAUfYXL5TIy8vSff5VuNVyP4j0Xq7pmPxN
XzEt0Vyyc3GTrHbBbnkX1gM4W3icxSHCt9mvCDZ8Civ46qR2pJjkTg6laPtHfLWB
02sufu7o47Z3xcGM4rbq
=pajO
-----END PGP SIGNATURE-----