[Mailman-Developers] GSOC Project idea: OpenPGP integration
Richard Wackerbarth
rkw at dataplex.net
Sat Apr 27 15:40:42 CEST 2013
I don't think that "we" have the expertise to create a "secure" system. At best, we can adopt good practices and provide an obscured traffic stream. I consider anything more to be beyond the scope of the MM project.
On Apr 27, 2013, at 8:22 AM, Stefan Schlott <stefan.schlott at ulm.ccc.de> wrote:
> On 27.04.2013 06:45, Stephen J. Turnbull wrote:
>
>>> 2. Your list has elevated security requirements. In this case, you can
>>> use gpg-agent to manage the secret key (and its passphrase).
>>
>> I don't understand what threat you propose to address in this way.
>> It's true that you can prevent the attacker from getting access to the
>> key (using agent forwarding or a token, it need not be on the exposed
>> host at all), but we're assuming he has access to the host and the
>> Mailman process.
>
> The gpg-agent approach protects you from all storage-related attacks:
> - unencrypted backups
> - physical access to the harddrive
> - etc.
>
> It does not protect from attackers who have access to the contents of
> the computer's RAM:
> - raw memory access and scanning for the secret key (requires root)
> - memory dump via DMA-enabled interfaces (firewire, pc-card, ...)
> - cold boot attacks
>
>
> Stefan
More information about the Mailman-Developers
mailing list