[Mailman-Developers] A list of discussion topics: GSoC OpenPGP Integration

Stephen J. Turnbull stephen at xemacs.org
Wed Aug 7 08:02:43 CEST 2013


ehrbar at greenhouse.economics.utah.edu writes:

 > I am not an expert but the encryption discussion is
 > extremely important.

We are not currently discussing encryption, but rather signing.  A
similar approach might work for signing, but it's subject to a weaker
form of the objection below.[1]

 > Are you familiar with the Secure Email Lists (SELS) project?

It's been mentioned.

 > To my limited understanding it seems to have the perfect
 > solution for mailing lists.

Nothing in email is perfect or as simple as it seems. :-)

 > From skimming your messages I did not have the sense
 > that you were discussing such a paradigm.

We aren't.  This paradigm has a serious security hole from the point
of view of Mailman in that many lists consider the filtering services
(i.e., blocking certain MIME content-types) to be essential.  Since the
MTA cannot decode and Mailman doesn't decode messages, there is no way
to prevent distribution of malware.  This would at the very least be a
serious embarrassment to the operators of the allegedly "secure" list,
and in my experience a serious danger, as I know very few people who
treat "secure" systems as anything but absolutely safe, ignoring the
fact that any given security system can only handle the attack vectors
it was designed to handle.

It might be useful to add it as an additional service, but given the
responsibility that mailing list admins are expected to shoulder in
today's environment, I think it's essential that the admins have
access to the content distributed by their lists.

Steve


Footnotes: 
[1]  Although filtering is possible, the approach you describe would
require whole messages rather than parts to be filtered AFAICS.
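
An added illustration, not part of the original message and not Mailman's own code, of the filtering problem described above: a content-type filter applied to a cleartext message and to an RFC 3156 PGP/MIME encrypted one. The blocked-type policy, the function names and both sample messages are constructed for this example.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed list policy: content types the list refuses to distribute.
BLOCKED_TYPES = {"application/x-msdownload", "application/x-sh"}

# Constructed RFC 3156 PGP/MIME message; the body is a placeholder, not ciphertext.
ENCRYPTED_RAW = """\
MIME-Version: 1.0
Subject: report
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder)
-----END PGP MESSAGE-----
--b1--
"""

def build_plain():
    """Constructed cleartext message carrying an attachment of a blocked type."""
    msg = EmailMessage()
    msg["Subject"] = "report"
    msg.set_content("See attachment.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="x-msdownload", filename="tool.exe")
    return msg

def build_encrypted():
    """Parse the constructed PGP/MIME sample the way a list server would."""
    return message_from_string(ENCRYPTED_RAW)

def blocked_parts(msg):
    """What a content-type filter sees: the declared type of each MIME part."""
    return [p.get_content_type() for p in msg.walk()
            if p.get_content_type() in BLOCKED_TYPES]

def verdict(msg):
    """'reject', 'pass', or 'opaque' when the real parts are hidden from the filter."""
    if msg.get_content_type() == "multipart/encrypted":
        return "opaque"  # the same attachment could sit inside the ciphertext unseen
    return "reject" if blocked_parts(msg) else "pass"
```

For the encrypted sample the filter sees only `application/pgp-encrypted` and `application/octet-stream`, so a type blocklist alone finds nothing to match and the list needs an explicit policy for the "opaque" case.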


