[Mailman-Developers] OpenPGP Integration on GSoC
Joost van Baal-Ilić
joostvb-mailman-developers at mdcc.cx
Thu Apr 11 09:50:49 CEST 2013
Hi (and hi Stefan!),
On Thu, Apr 11, 2013 at 09:23:35AM +0200, Stefan Schlott wrote:
> On 11.04.2013 06:19, Joost van Baal-Ilić wrote:
>
> > I am Joost van Baal-Ilić. I create a PGP keypair with ID Barry Warsaw. I sent
> > the public key to the list server. I sent a mail, signed with the Barry-key,
> > encrtypted to the listkey, with From: Barry's email address, to the list.
> > The listserver now distributes it to the lists subscribers, yes? The list
> > subscribers will believe the message is from Barry.
>
> You would have to do some key confirmation, just like you have to click
> a mail confirmation link upon subscription.
>
> Next problem: Mailman will have to decrypt the message and re-encrypt it
> for each recipient. This also strips the signature of the original
> sender.
Not necessarily, iirc.
> How do you show to the recipients that the original message was
> signed (in a way which cannot be forged by any other sender)?
>
> Generally speaking PGP support would be great, the efforts Joost and I
> made about 10 years ago never made it beyond alpha (or beta at best)
> stadium...
ACK.
Bye,
Joost
More information about the Mailman-Developers
mailing list