[Mailman-Developers] GSOC Project idea: OpenPGP integration

[Stephen J. Turnbull]

Abhilash Raj writes:

 > Can you please point me in some direction to learn about the various
 > possible ways to sign a mail and/or encrypt it.

Basically that's going to be MUA-dependent.  There are standards for
this (prominently S/MIME aka RFC 5751), but whether MUAs implement it
is MUA-specific.  Also, S/MIME is not the same as using OpenPGP (I
guess that OpenPGP can be used to implement it, but I doubt that most
systems using OpenPGP actually conform to S/MIME).  I suspect that
many webmail programs and Windows MUAs do not support OpenPGP (webmail
programs generally don't support any form of secure mail AFAIK).
Other important RFCs include PKCS (RFC 2315) and Security Multiparts
for MIME (RFC 1847).  (Do check those references before implementing
them: I haven't followed this field that closely for several years,
and several of them are probably superseded by now.)

 > Also i think adding the key as a new column against the email in
 > the list of subscriber would do the work.

I still think you're getting ahead of yourself.  What work are you
talking about?  Just getting keys stored in the subscriber database
isn't much help if we haven't decided how we are going to use them.