[Mailman-Developers] GSOC Project idea: OpenPGP integration
Stephen J. Turnbull
stephen at xemacs.org
Mon Apr 29 14:28:27 CEST 2013
Ian Eiloart writes:
> Also, what kind of secure list would have automated processing of
> message content as a requirement?
Precisely, a list that wants to avoid this requirement:
> If a message is gpg encrypted, then every sender would require the
> public keys of every recipient, would they not?
The idea is that senders use the list's public key. The list holds
those public keys, and uses them to re-encrypt the message on a
recipient-by-recipient basis after decrypting with its own private
key.
The discussion has been about how to deal with attacks on (a) the
list's private key (including offline attacks on the hard drive) and
on (b) the temporarily decrypted text (which could end up in the clear
for a long time in a queue file or if Mailman crashes).
More information about the Mailman-Developers
mailing list