[Mailman-Developers] GSOC Project idea: OpenPGP integration
Terri Oda
terri at zone12.com
Fri Apr 26 20:55:33 CEST 2013
On 04/26/2013 12:45 PM, Barry Warsaw wrote:
> OTOH, maybe that's all security theater. If the Mailman system's private key
> is available to an attacker, then having the encrypted message on disk
> temporarily is probably not going to stop them from decrypting it.
I've been wondering about that... is there any time when the encrypted
message on disk would be available but the private key not?
- snapshot backups of Mailman queues but not the key
- corrupted filesystems
- unusual permissions that allow access to the queues but not the key
- mailman is only allowed to deal with encrypted messages when someone
inserts the key which is stored on another physical device?
It's probably best to keep things encrypted as much as possible just in
case there is a threat model we're not thinking of, but unless we're
doing more to protect the key, I'm not sure we're gaining much.
Terri
More information about the Mailman-Developers
mailing list