[Mailman-Developers] GSOC, Anonymous Lists
Stephen J. Turnbull
stephen at xemacs.org
Mon Mar 16 07:04:51 CET 2015
Pavan Koli writes:
(a generally good description of an approach to the problem)
> hidden from him. But if someone tries to spam the mailing list,
> that person can be caught by noting his anonymous id.
I'm not sure what use case you have in mind. Why would a spammer post
to the anonymous list from the same address twice? If subscription
(and posting) requires owner approval, such spamming is very rare
anyway.
> 3. I didn't come across a single mailing list for whistleblowers,
> activists, or people trading very sensitive information.
You won't. They have alternative channels for transmitting
information, just like spies employed by governments or corporations.
> Mail spoofing attempts can be stopped by encrypting mails,
Encrypted lists is a different use case. You'd use digital signatures
in this case.
> using PGP, but there is one problem. The person encrypting the mail
> would have to share their public key with everyone on the mailing
> list, which can be a tedious task as the mailing lists keep on
> changing in size,
Key distribution in this case is easy. Just post it to the mailing
list. :-)
> and also mails can be leaked if public key falls into wrong hands.
This isn't a real use case. Think carefully about your definition of
"wrong hands" in the context of "whistleblower".
> I've come up with a solution for this, these mailing lists will be
> kept in a very different category from others. Here when ever a
> user will register, they'll have to also provide their public key.
This is in fact the same basic approach as a previous GSoC project
which hasn't been integrated yet.
> Problem- The list manager has to be authentic, using their public
> key list subscribers can verify their authenticity
I don't understand what you mean.
> (Or I propose a public key for the list itself and then people can
> use it to verify lists authenticity).
I think this is the right solution anyway. One possibility would be
to use DKIM signature technology (RFC 6376, I think).
More information about the Mailman-Developers
mailing list