[Mailman-Developers] Mailman and GPG.

Chuq Von Rospach chuqui@plaidworks.com
Mon, 6 Nov 2000 23:07:40 -0800


At 12:54 AM -0500 11/7/00, Omri Schwarz wrote:

>Both your solution and mine do the same thing on the human
>failings angle: they allow a mail server admin to set up a list
>that does encryption for everyone, so that people learn that
>some things are best not discussed in plaintext.

no, it really doesn't, because the message is sent to the MLM in 
plaintext, so it has no security at all. If you depend on the MLM to 
do the encryption, you might as well not encrypt, because anyone 
sniffing packets will have the data no problem. what you're doing is 
setting up a sense of *false* security, but you're in fact leaving 
things wide open. It has to be encrypted leaving the client, or it's 
not secure.

>GPG version chauvinism is a must for such a project.

why? you want encryption endemic. Which implies ability to handle 
anyone's public key and do something reasonable with it, not just 
one. Otherwise, you're balkanized, and that defeats the purpose again.

>In turn, that kills the MUAs. However,
>I don't believe good GPG handling in the MUAs
>is the necessary-and-sufficient part to bring this about.

If the MUAs don't support encryption, then how will users decrypt 
something the MLM encrypted? And if the MUA does support encryption 
-- the MLM doesn't have to.

-- 
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com)
Apple Mail List Gnome (mailto:chuq@apple.com)

Be just, and fear not.