[Mailman-Developers] GSOC Project idea: OpenPGP integration

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Apr 27 08:05:50 CEST 2013


On 04/27/2013 12:45 PM, Stephen J. Turnbull wrote:
> Stefan Schlott writes:
> 
>  > 2. Your list has elevated security requirements. In this case, you can
>  > use gpg-agent to manage the secret key (and its passphrase).
> 
> I don't understand what threat you propose to address in this way.
> It's true that you can prevent the attacker from getting access to the
> key (using agent forwarding or a token, it need not be on the exposed
> host at all), but we're assuming he has access to the host and the
> Mailman process.

If mailman is storing messages on-disk in an encrypted form, Stefan's
proposal mitigates the threat of an adversary with offline access to the
disk (e.g. in the event of server theft or seizure) -- no additional
message content will be revealed if such an adversary scrapes the
contents of the disk.

	--dkg
