[Mailman-Developers] GSOC Project idea: OpenPGP integration

Stephen J. Turnbull stephen at xemacs.org
Sun Apr 7 16:16:56 CEST 2013


Abhilash Raj writes:

 > Well what I want to make it is that whenever a user sends a mail to the
 > list it should be signed with his private key so that it can be verified
 > against his public key that he uploads if he wants permissions to post in the
 > list.

You mean that the user should sign it himself (or with the help of his
mail client), is that correct?

 > As the message is received by mailman its signature is verified and
 > then it's encrypted and sent to each person, wherein those who
 > haven't uploaded their key will also receive an unencrypted
 > copy (with a probability that it may not be intended for them or not
 > authentic mail).

I don't understand the use case for having both encrypted and
unencrypted copies distributed.  Is the encryption intended to be
merely authentication?  But what Mailman has is by definition the
subscriber's public key; anybody might have that.  It *could* be kept
secret, but I think that's not so easy to prove.

I would have imagined that maybe Mailman would re-sign using its own
private key, to authenticate the list, and testify that it had
authenticated the sender.

I also don't understand what you mean by "not authentic mail".  The
original signature proves it authentic.  The subscribers may
not have the appropriate key to verify, but in that case I don't
see why they would want to delegate it to Mailman.

I think you have a difficult task in merely specifying what you want
this system to do.  That's likely to be a couple orders of magnitude
harder than the implementation!

 > Yes, this was on the top of my mind while trying to attempt this
 > project. I learned about key-servers. I think we could set up one
 > wherein all the public keys would be stored that are uploaded by
 > users and retrieved when needed.

But who watches the watcher?  That is, what does the keyserver need to
know about the key's owner, and how does the candidate subscriber
prove it to the keyserver?

I think there are lots of use cases for integrating mailing list
managers into the public key infrastructure, but you need to be
careful to specify them.  I think you probably should start with
simple use cases, like proving subscriber identity to the mailing list
manager, e.g. for anti-spam purposes.[1]


Footnotes: 
[1]  Even that is not a sure winner, since most users will not know
how to do this for themselves.  So it will have to be integrated into
clients, which themselves might be infected by a virus.


