[Mailman-Developers] Mailman and GPG.
Chuq Von Rospach
chuqui@plaidworks.com
Mon, 6 Nov 2000 23:07:40 -0800
At 12:54 AM -0500 11/7/00, Omri Schwarz wrote:
>Both your solution and mine do the same thing on the human
>failings angle: they allow a mail server admin to set up a list
>that does encryption for everyone, so that people learn that
>some things are best not discussed in plaintext.
no, it really doesn't, because the message is sent to the MLM in
plaintext, so it has no security at all. If you depend on the MLM to
do the encryption, you might as well not encrypt, bceause anyone
sniffing packets will have the data no proble. what you're doing is
setting up a sense of *false* security, but you're in fact leaving
things wide open. It has to be encrypted leaving the client, or it's
not secure.
>GPG version chauvinism is a must for such a project.
why? you want encryption endemic. Which implies abiliy to handle
anyone's public key and do something reasonable with it, not just
one. Otherwise, you're balkanized, and that defeats the purpose again.
>In turn, that kills the MUAs. However,
>I don't believe good GPG handling in the MUAs
>is the necessary-and-sufficient part to bring this about.
If the MUAs don't support encryption, then how will users decrypt
something the MLM encrypted? And if the MUA does support encryption
-- the MLM doens't have to.
--
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com)
Apple Mail List Gnome (mailto:chuq@apple.com)
Be just, and fear not.