[Mailman-Developers] A list of discussion topics: GSoC OpenPGP Integration
Joost van Baal-Ilić
joostvb-mailman-developers at mdcc.cx
Sun Jun 16 10:13:44 CEST 2013
Hi,
On Sun, Jun 16, 2013 at 01:48:34AM +0900, Stephen J. Turnbull wrote:
> Abhilash Raj writes:
> >
> > This is a list of topics that probably needs to be discussed in detail
> > again. I tried to mention in breif about the discussions in past
> > personally with a someone or on mm-dev list. Please ignore the topics
> > which you feel has already reached a inference. It is a long mail though.
> >
> > * How to ensure the keys belong the email it says it does?
>
> This is not in scope for your project. Key upload is for
> bootstrapping strong authentication, therefore you should assume there
> is no strong authentication to authenticate the key upload. Man-in-
> the-middle attacks on the key upload mechanism are *way* above your
> pay grade.
>
<snip>
> > * How are we actually using the web-of-trust model of OpenPGP?
>
> We aren't. Simplistic rules like "two signatures" are not going to be
> good enough for anybody who cares. Writing a framework so that admins
> can configure the signature policy is also above your pay grade. You
> should consider providing hooks for such validation, and maybe a proof
> of concept implementation to hook into it. Something like "a key is
> considered valid if it is signed by the list-owner".
Indeed, that could work. Another way to deal with it could be: "a key is
considered valid if it is imported in the trusted keyring of the current list".
And declare deciding wether to import out of the scope of the project.
Bye,
Joost
--
Ich will in euch einen neuen Geist geben; Ich werde aus eurem Fleisch das
Herz aus Stein nehmen, und will euch geben ein Herz aus Fleisch. --Ez 36,2
http://mdcc.cx/ ※ http://ad1810.com/ ※ Eindhoven, .nl
More information about the Mailman-Developers
mailing list