[Mailman-Developers] GnuPG support - PGP - GPG encrypted mailing list
Stephen J. Turnbull
stephen at xemacs.org
Sun Jun 15 11:18:16 CEST 2014
Sylvain Viart writes:
> This question of distributing encrypted email to an unknown number
> of subscribers is quite interesting/dangerous in the point of view
> of securing the information.
True, but this is out of scope for this list. I'm not saying you
shouldn't discuss here if you want to, just that from the point of
view of the Mailman developers we are assuming that users have answers
to (enough of) that set of questions, and we're merely interested in
how much demand there is.
> Could you describe the goal to achieve?
One goal that Mailman is interested in is chaining trust, via
signatures. I think it's reasonable to suppose that if the original
user is supposed to sign her post, and the list verifies and resigns,
we might be able to convince some sites to whitelist those lists.
That would be worthwhile even if we never do really solve the issues
of encrypted mailing lists. I'm not sure if there are any issues with
encrypted lists that don't come up with signed lists (well, I guess
there's the issue that signed lists are useful to users even if they
don't use a PGP tool, but that's definitely out of scope for us).
> Also I noticed that despite we are in 2014, using GPG is still quite
> "repulsing" for basic user…
Sure. There's obviously no hope of getting enough yahoos[1] to sign
mail that Yahoo! will give up on "p=reject". ;-)
Footnotes:
[1] http://dictionary.reference.com/browse/yahoo. Appropriate, eh?
Note that Yahoo! almost certainly intends a different etymology....
More information about the Mailman-Developers
mailing list