[Mailman-Developers] OpenPGP Integration on GSoC

Joost van Baal-Ilić joostvb-mailman-developers at mdcc.cx
Thu Apr 11 06:19:22 CEST 2013


Hi Marcos,

On Wed, Apr 10, 2013 at 10:04:04PM -0400, Daniel Kahn Gillmor wrote:
> On 04/09/2013 07:55 PM, Marcos Chavarría Teijeiro wrote:
> 
> > The problem is that I'm not sure if I understand the idea. This is how I
> > see it:
> >  1) Users submit their public key to MailMan server when they register to
> > mail list.
> >  2) The user can get MailMan Server public key
> >  3) When a user wants to post a message they both sign and encrypt this
> > message. They encrypt the message using MailMan public key. Then the
> > message is sent to MailMan Server.
> >  4) MailMan decrypts the received message and checks if the sign is correct
> > (with the stored public user public key). If the sign is correct, it sends
> > a message to every mail-list subscriber encrypted with each user public
> > key.
> >  5) The other users receive the email and decrypt it.
> > 
> > Is this correct?
> 
> This sounds like a reasonable proposal, though there are potentially a
> lot of gotchas in such an implementation (in particular, keyring
> management, and dealing sensibly with cryptographic failures are two
> rough spots that you probably need to think more about).
> 
> Have you looked at schleuder?
<snip>

One of the issues you'd have to think about is how to deal with this:

I am Joost van Baal-Ilić.  I create a PGP keypair with ID Barry Warsaw.  I send
the public key to the list server.  I send a mail, signed with the Barry-key,
encrypted to the listkey, with From: Barry's email address, to the list.
The listserver now distributes it to the list's subscribers, yes? The list
subscribers will believe the message is from Barry.

There's more than 1 way to solve this problem.  You'd have to pick one
solution.

Bye,

Joost

-- 
Perfection in design is achieved not when there is nothing left to add, but
rather when there is nothing left to take away.  --Antoine de Saint-Exupery
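
One way to close the gap described in the message above, as an added example that is not part of the original post or of Mailman's code: the list server records which confirmed subscriber address each enrolled key fingerprint belongs to, and rejects a post whose From: address differs from the owner of the key that signed it. The Keyring class, the check_post function, the fingerprints and the example.org addresses are hypothetical, and signature verification itself is assumed to be done by the OpenPGP implementation.

```python
# Added example: bind each enrolled key fingerprint to a confirmed address,
# and trust neither the key's user ID nor the From: header on its own.
from email import message_from_string
from email.utils import getaddresses

class Keyring:
    """Hypothetical list-server keyring: fingerprint -> confirmed address."""
    def __init__(self):
        self._owner = {}

    def enroll(self, fingerprint, confirmed_address):
        # Assumption: confirmed_address comes from a confirmation round trip
        # to that mailbox, never from the user ID embedded in the key.
        self._owner[fingerprint.upper()] = confirmed_address.lower()

    def owner(self, fingerprint):
        return self._owner.get(fingerprint.upper())

def check_post(keyring, raw_message, signer_fingerprint):
    """Return (accepted, reason). signer_fingerprint is the fingerprint the
    OpenPGP layer reported for a valid signature, or None if there was none."""
    if signer_fingerprint is None:
        return False, "no valid signature"
    owner = keyring.owner(signer_fingerprint)
    if owner is None:
        return False, "signing key not enrolled"
    msg = message_from_string(raw_message)
    senders = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    if len(senders) != 1:
        return False, "need exactly one From address"
    if senders[0] != owner:
        return False, "From %s does not match key owner %s" % (senders[0], owner)
    return True, "ok"

# Constructed sample data: placeholder fingerprints and example.org addresses.
KEYRING = Keyring()
KEYRING.enroll("AAAA1111", "joost@example.org")  # key with user ID "Barry Warsaw"
KEYRING.enroll("BBBB2222", "barry@example.org")

SPOOFED = "From: Barry Warsaw <barry@example.org>\nSubject: hi\n\nbody\n"
GENUINE = "From: Barry Warsaw <Barry@Example.org>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    print(check_post(KEYRING, SPOOFED, "AAAA1111"))  # rejected
    print(check_post(KEYRING, GENUINE, "BBBB2222"))  # accepted
```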

