[Mailman-Developers] GSOC Project idea: OpenPGP integration

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Apr 7 01:17:12 CEST 2013


On 04/06/2013 06:53 PM, Paul Wise wrote:
> On Sun, Apr 7, 2013 at 5:19 AM, Abhilash Raj wrote:
> 
>> I am an undergrad student interested in OpenPGP integration in mailman as a
>> GSOC project this summer.

neat, i'm glad to hear it!

> I'm not sure about the scope of your project but you may want to
> review some prior efforts:
> 
> http://schleuder2.nadir.org/
> http://www.synacklabs.net/projects/crypt-ml/

see also:

  http://non-gnu.uvt.nl/mailman-pgp-smime/
  http://sels.ncsa.illinois.edu/

> My pet favourite feature from the lurker mail archiver is showing
> photos from OpenPGP keys in the archive pages.

:)

there are a lot of different ways that you might try to integrate
message encryption, message signing, etc into a mailing list.  There are
also a lot of ways to make it easy for users and administrators to shoot
themselves in the foot with this stuff; and even seasoned system
administrators with years of crypto background can get it wrong. :(

If i were you, Abhilash, i would start by trying to write up a concise
statement about what specific enhancement you want to make from an
end-user perspective, and what threat model your enhancement addresses.

here are three (very different) starting points as examples:

 A) I want to make it so that only correctly-signed messages will be
redistributed to the list.

 B) I want to make it so that no one but the list subscribers will be
able to view the content of messages sent to the list.

 C) I don't want the identities of anyone subscribed to the mailing list
to be known to anyone but the other subscribers.

There are layers of nuance to resolve with each of those goals.  i had a
hard time keeping them that short because of all the exceptions and
questions they raised in my head when i wrote them (Hint: i'm not
convinced that either of them is actually well-defined enough to even be
considered possible), but some form of either of them might be possible
if you make them more precise.

Can you try defining what sort of feature you'd like to see implemented?

Also, key management is likely to be a large part of any project like
this.  Have you thought about how a keyring for a mailing list should be
handled?

Regards,

	--dkg
