[Mailman-Developers] GSOC Project idea: OpenPGP integration
Stephen J. Turnbull
stephen at xemacs.org
Sat Apr 27 06:45:37 CEST 2013
Stefan Schlott writes:
> 2. Your list has elevated security requirements. In this case, you can
> use gpg-agent to manage the secret key (and its passphrase).
I don't understand what threat you propose to address in this way.
It's true that you can prevent the attacker from getting access to the
key (using agent forwarding or a token, it need not be on the exposed
host at all), but we're assuming he has access to the host and the
Mailman process.
At a minimum you need some kind of privilege separation mechanism
within Mailman. I'd recommend a postfix-style separate process which
does all cryptographic work. But this might be a very large
performance hit.
More information about the Mailman-Developers
mailing list