[Mailman-Developers] GSOC Project idea: OpenPGP integration
Stefan Schlott
stefan.schlott at ulm.ccc.de
Fri Apr 26 14:09:41 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 25.04.2013 15:35, Daniel Kahn Gillmor wrote:
> abhilash might have meant that there is a concern that a decrypted
> message could be stored *on disk* in one of the queues, not just
> in memory.
Of course, it's a good idea to decrypt the data as late as possible in
order to avoid unnecessary mistakes.
When does mailman store received messages on disk? I can think of the
following:
- - swapping. Either you request "non-swappable" memory from your OS
(might be tricky in Python), or you encrypt your swap device with
a new, randomly generated key on every startup.
- - mailinglist archive. You simply shouldn't keep a (decrypted) archive
on the server.
- - disk queue. I don't remember if mailman persists received (but not
yet sent) mails on disk.
Addressing the last point, you can either choose to decrypt the mail
in a later stage, or (if this is a bad idea for performance reasons)
deal with this problem with an adequate system configuration, although
this is tricky and certainly error-prone. But I think it could be done
by excluding the queue from backup (unless, of course, the backup is
encrypted, which you should do anyway) and having an encrypted file
system.
Stefan.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlF6boUACgkQ/fRK6HX9cHTzSACgm5bbYbTpmQ0PZAL9+VCwvcMR
hR8An2dFewlP/w3TJejzST3Fp1f4xD+9
=in7V
-----END PGP SIGNATURE-----
More information about the Mailman-Developers
mailing list