[Mailman-Developers] OpenPGP Integration on GSoC
Stefan Schlott
stefan.schlott at ulm.ccc.de
Thu Apr 11 09:23:35 CEST 2013
On 11.04.2013 06:19, Joost van Baal-Ilić wrote:
> I am Joost van Baal-Ilić. I create a PGP keypair with ID Barry Warsaw. I sent
> the public key to the list server. I sent a mail, signed with the Barry-key,
> encrtypted to the listkey, with From: Barry's email address, to the list.
> The listserver now distributes it to the lists subscribers, yes? The list
> subscribers will believe the message is from Barry.
You would have to do some key confirmation, just like you have to click
a mail confirmation link upon subscription.
Next problem: Mailman will have to decrypt the message and re-encrypt it
for each recipient. This also strips the signature of the original
sender. How do you show to the recipients that the original message was
signed (in a way which cannot be forged by any other sender)?
Generally speaking PGP support would be great, the efforts Joost and I
made about 10 years ago never made it beyond alpha (or beta at best)
stadium...
Stefan.
More information about the Mailman-Developers
mailing list