[Mailman-Developers] GSOC Project idea: OpenPGP integration
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Apr 27 08:01:43 CEST 2013
On 04/27/2013 01:36 PM, Stephen J. Turnbull wrote:
> without a complete redesign starting
> from the assumption of encrypted messages whose plain text must
> be exposed as briefly as possible.
At least one project suggests that it may be possible to operate an
encrypted mailing list such that the automated remailing daemon does not
have any access to the cleartext body of the messages, and the mailing
list members don't need to do any key management of other members of the
list. SELS does this through some interesting cryptographic techniques,
and was actually built on top of unmodified mailman, afaict:
http://sels.ncsa.illinois.edu/
If you're interested in looking for ways that mailman could provide list
members with message content protection even in the face of an
exploitable bug in mailman itself, this might be an interesting approach
to consider (e.g. perhaps SELS could be revived and integrated directly).
for the record: I have never run an SELS server, and have never read the
code. I just think it's an interesting idea.
just a thought,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20130427/96ff1a78/attachment.pgp>
More information about the Mailman-Developers
mailing list