[Mailman-Developers] GSOC Project idea: OpenPGP integration

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Apr 25 15:35:41 CEST 2013


On 04/25/2013 04:36 PM, Stefan Schlott wrote:
> On 25.04.2013 00:14, Abhilash Raj wrote:
> 
>> 1) When a message is decrypted and then passed on between the queues, it
>> creates a security threat for the cleartext message is being held in
>> memory, even for a small time in between the runners.
> 
> The Mailman server holds the key to decrypt _every_ incoming message. So
> if the server is compromised, a message temporarily held in memory is
> the least of your problems :-)

Abhilash might have meant that there is a concern that a decrypted
message could be stored *on disk* in one of the queues, not just in
memory.  This could be a problem if an adversary gets access to the disk
and can get access to the backing storage, even after the files have
been unlinked from the filesystem (since unlinking files doesn't
guarantee removal of all traces from the backing storage).

Of course, if the secret key for the list is kept without a passphrase
on the same filesystem or on a separate filesystem on the same backing
storage, then your risk is elevated to begin with.

Abhilash, I don't see any mention in your proposal of how you plan to
deal with the secret key material.  Will there be a way for Mailman to
use a secret key that is stored in a password-protected form?  If so, how?

	--dkg
