[Mailman-Users] Mailman security question

Lindsay Haisley fmouse-mailman at fmp.com
Tue May 7 04:10:50 CEST 2013

On Tue, 2013-05-07 at 10:40 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
>  > Is there any support in any version of Mailman for total end to end
>  > message security?
> Not in a distributed version, although as mentioned in another post
> there's a patch.  There's a GSoC proposal to implement some such thing
> for Mailman 3, with a reasonable UI for handling user pubkey and such,
> but I can't say at this point whether that project will be approved
> (Google rules).
> Also, "total end to end security" is a fantasy.  The attack surface in
> the mail system is huge, even if the messages are encrypted in
> transport.  Without specifying what the "ends" are (workstations? 
> MTAs? users?) and whether traffic analysis or a court-authorized
> "wiretap" at the Mailman site is considered a threat, I can't help you
> on whether any given system might be considered "secure" or not.

My thought is that "total security" would be MUA to MUA, with the
assumption that most MUAs can handle encryption using GnuPG, Enigmail,
or some such.

Of course these days nothing is totally secure, since in a pinch, and
given a little time, a supercomputer can break even a 4096 bit, or
larger key.

This is, at this point, curiosity on my part rather than a need for this.

>  > It would also, in the current political climate, doubtless be deemed to
>  > be something close to a national security threat,
> AFAIK PGP-style encryption is no longer considered munitions.  As long
> as the crypto stuff is done by third-party modules, Mailman has no
> problem, I think.  (We can distribute a ROT13 implementation without
> bothering even a member of the Bush family, let alone sophisticated
> Dems like Al Gore, The Father of the Internet as We Know It.... :-)

I suppose ROT13 would fall under just about everyone's radar ;)  I mean,
who would suspect ....

