[Mailman-Developers] A list of discussion topics: GSoC OpenPGP Integration

Barry Warsaw barry at list.org
Fri Jun 28 16:11:08 CEST 2013


All great questions.  Let me just add this.

On Jun 28, 2013, at 01:03 PM, Stephen J. Turnbull wrote:

>There does need to be a way for list owners to take complete control of key
>management, and there does need to be convenience in management.  I think
>that the "key signed by list-owner's list-key-management-key" is an important
>step for convenience.  I suspect that the hook needed to implement it would
>be able to support various policies (probably through the 'chain of rules'
>mechanism implemented in Mailman 3 core -- might require some refactoring of
>core I guess).
>
> > I like this latter proposal, and it should be pretty
> > straightforward to implement.  This means, of course, that the
> > list-owner's key needs to be known to the mailman instance.  Could
> > there be more than one list-owner's key?
>
>Yes.  As implied above, I envision there being a specific key used to
>sign for permission to do X FVO X such as subscribe, post, get member
>list, sign other people's keys (Web of Trust!), etc, so there could be
>several keys in that sense.  For paranoid folks who regularly expire
>their keys, I would expect that keys might overlap in time, so there
>probably should be a list of keys for each function.  In some cases
>one key will fit all, of course: "I only sign for people I trust to do
>everything a signature gives authorization to do".

Another complication is that keys will probably be attached to users, but
users have relationships with lists across the entire Mailman installation.  So
if it were list owners that were responsible for key management, how does that
cross list boundaries?  What about lists on the same system but in different
domains?  Does the site admin have to delegate key management responsibilities
to list owners?  I can imagine some kind of attack involving a list owner who
approves a member's key for one list, and then uses that to attack other
lists on the same system.  Tricky business.

-Barry
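The following is an added example, not code from Mailman or from either poster, sketching the authorization policy the two messages circle around: owner-held signing keys that are specific to a function (post, subscribe, ...), possibly several per function with overlapping validity windows, and member-key certifications that are honored only for the list whose owner key made them, so that a certification obtained on one list cannot be replayed against another list on the same installation. OpenPGP signature verification is deliberately left out; the certifications are treated as records that have already been cryptographically verified, and every class, field and name here (OwnerKey, Certification, authorized, the key ids and list addresses) is an assumption made for the illustration. Treating a certification as dead once its signer key is out of its validity window is likewise a policy choice for this sketch, not something the thread settles.

```python
"""Toy policy model: per-function, per-list owner keys certifying member keys.

Constructed example, not Mailman code. Certifications are assumed to be
already verified OpenPGP signatures; only the authorization policy is modelled.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class OwnerKey:
    key_id: str             # hypothetical key fingerprint/id
    list_id: str            # the list whose owner holds this key (address incl. domain)
    functions: frozenset    # what a certification by this key authorizes
    not_before: datetime
    not_after: datetime

    def live_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


@dataclass(frozen=True)
class Certification:
    member_key_id: str      # the member key being certified
    signer_key_id: str      # the owner key that signed it
    function: str           # the one function this certification is for
    signed_at: datetime


def authorized(member_key_id: str, function: str, list_id: str, when: datetime,
               owner_keys: Iterable[OwnerKey], certs: Iterable[Certification]) -> bool:
    """Return True if some certification of member_key_id for `function` was made
    by an owner key that is bound to *this* list, covers that function, was live
    when it signed and is still live at `when`.

    Scoping the lookup by list_id is what blocks the cross-list replay: a key
    bound to list A is simply not in the candidate set when list B is evaluated.
    """
    candidates: Dict[str, OwnerKey] = {
        k.key_id: k for k in owner_keys
        if k.list_id == list_id and function in k.functions and k.live_at(when)
    }
    for c in certs:
        if c.member_key_id != member_key_id or c.function != function:
            continue
        signer = candidates.get(c.signer_key_id)
        if signer is not None and signer.live_at(c.signed_at):
            return True
    return False


# ---- constructed sample data (hypothetical ids and addresses) ----
POST_SUB = frozenset({"post", "subscribe"})
OWNER_KEYS = [
    # dev-list owner rotates keys; K1 and K2 overlap during June/July 2013
    OwnerKey("K1-dev", "dev@example.org", POST_SUB, utc(2013, 1, 1), utc(2013, 7, 15)),
    OwnerKey("K2-dev", "dev@example.org", POST_SUB, utc(2013, 6, 1), utc(2014, 1, 1)),
    # a different list, in a different domain, on the same installation
    OwnerKey("K3-ann", "announce@example.net", POST_SUB, utc(2013, 1, 1), utc(2014, 1, 1)),
]
CERTS = [
    # member M certified to post on dev, by the soon-to-expire K1
    Certification("M-member", "K1-dev", "post", utc(2013, 6, 28)),
    # re-certified by the successor key K2 during the overlap window
    Certification("M-member", "K2-dev", "post", utc(2013, 7, 10)),
]


def scenario() -> Dict[str, bool]:
    """Evaluate the cases discussed in the thread against the sample data."""
    june = utc(2013, 6, 28)
    august = utc(2013, 8, 1)
    return {
        # function-specific: the post certification says nothing about subscribing
        "post_dev_june": authorized("M-member", "post", "dev@example.org", june, OWNER_KEYS, CERTS),
        "subscribe_dev_june": authorized("M-member", "subscribe", "dev@example.org", june, OWNER_KEYS, CERTS),
        # cross-list replay: dev's owner key is not an owner key for announce
        "post_announce_june": authorized("M-member", "post", "announce@example.net", june, OWNER_KEYS, CERTS),
        # after K1 expires the K1 certification is dead, but the K2 one carries on
        "post_dev_august": authorized("M-member", "post", "dev@example.org", august, OWNER_KEYS, CERTS),
        "post_dev_august_k1_only": authorized("M-member", "post", "dev@example.org", august, OWNER_KEYS, CERTS[:1]),
    }


if __name__ == "__main__":
    for case, ok in scenario().items():
        print(f"{case}: {'allowed' if ok else 'denied'}")
```

Where a site admin wants to delegate rather than scope, the same check extends naturally: add site-level OwnerKey entries with a wildcard list binding and let `authorized` consult them alongside the list-bound ones, which keeps the delegation explicit instead of implied by a signature made for some other list.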

