[Mailman-Developers] A list of discussion topics: GSoC OpenPGP Integration
Barry Warsaw
barry at list.org
Tue Jul 2 17:47:49 CEST 2013

On Jul 02, 2013, at 01:04 PM, Stephen J. Turnbull wrote:

>No, in Mailman 3 it is not, and cannot be, internal to OpenPGP because
>addresses are *not* Users. There is a many-to-one (address-to-User)
>mapping (I hope; if it's many-to-many, we can probably dodge that
>bullet by allowing sets of Users in many places we'd normally expect a
>User).

You're correct, although technically addresses don't have to be associated
with users. But if they are, they can only be associated with a single user.
Users can control multiple addresses.

While unlinked addresses are supported by the model, I don't think there's any
case where unlinked addresses are really exposed in any meaningful way that a
user or admin can utilize. So I think if we can associate OpenPGP user ids to
email addresses, that will almost always imply an association to a user.

>However, binding an email address to a User is a Mailman operation, and at
>the point of adding an email to a User, in the scenario I'm thinking of the
>only thing Mailman has to go on is the association of a key to an email. If
>this is the initial email for that User, there's no problem.
>
>But for additional emails, there *is* a problem. The identification of
>existing emails with the email to be added is not necessarily guaranteed by
>the key presented. We need to think carefully about how this works (or can
>be subverted).

Very definitely. While it's easy to associate an address with an existing
user, it's not entirely clear how we can do that in a secure way.
-Barry
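
Added example, not part of the original message and not Mailman code: a toy model of the address-to-user mapping discussed above (unlinked addresses allowed, at most one user per address), contrasting linking an additional address on the strength of a key's user ID alone with also requiring a per-address confirmation. The class and method names, the sample data and the confirmation step are assumptions made for illustration.

```python
# Hypothetical model; none of these names are Mailman 3 APIs.
from contextlib import suppress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Key:
    fingerprint: str
    uids: frozenset  # addresses named in the key's user IDs (chosen by the key holder)

@dataclass
class Registry:
    owner: dict = field(default_factory=dict)   # address -> user; absent means unlinked
    key_of: dict = field(default_factory=dict)  # user -> key fingerprint

    def _link(self, user, address):
        current = self.owner.get(address)
        if current not in (None, user):          # an address has at most one user
            raise ValueError(f"{address} already belongs to {current}")
        self.owner[address] = user

    def enroll(self, user, key, address):
        """Initial address: the key/e-mail association is all there is to go on."""
        if address not in key.uids:
            raise ValueError("key does not name this address")
        self._link(user, address)
        self.key_of[user] = key.fingerprint

    def add_by_uid(self, user, key, address):
        """Naive: treat a user ID on the user's key as proof of the same identity."""
        if key.fingerprint != self.key_of.get(user) or address not in key.uids:
            raise PermissionError("key does not match")
        self._link(user, address)

    def add_confirmed(self, user, key, address, confirmed):
        """Also require (address, fingerprint) in `confirmed`: pairs for which a
        challenge mailed to that address came back signed by that key."""
        if (address, key.fingerprint) not in confirmed:
            raise PermissionError("address has not proven control with this key")
        self.add_by_uid(user, key, address)

def demo():
    # Constructed data: one key naming two addresses, only the first ever confirmed.
    key = Key("FPR-A", frozenset({"a@example.org", "other@example.net"}))
    naive, strict = Registry(), Registry()
    for reg in (naive, strict):
        reg.enroll("alice", key, "a@example.org")
    naive.add_by_uid("alice", key, "other@example.net")
    with suppress(PermissionError):
        strict.add_confirmed("alice", key, "other@example.net", confirmed=set())
    return naive.owner.get("other@example.net"), strict.owner.get("other@example.net")
```

`demo()` shows the naive path linking the second address purely because the key names it, while the confirmed path leaves it unlinked until that address itself has answered a challenge.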