[Mailman-Developers] GSOC Project idea: OpenPGP integration
Ian Eiloart
iane at sussex.ac.uk
Mon Apr 29 11:40:45 CEST 2013
On 27 Apr 2013, at 14:40, Richard Wackerbarth <rkw at dataplex.net> wrote:
> I don't think that "we" have the expertise to create a "secure" system. At best, we can adopt good practices and provide an obscured traffic stream. I consider anything more to be beyond the scope of the MM project.
>
Also, what kind of secure list would have automated processing of message content as a requirement? If a message is gpg encrypted, then every sender would require the public keys of every recipient, would they not? Which means that a PKI for the list holders is required. Currently outside of Mailman's scope, but if it exists, then presumably senders would be required to cryptographically sign every message. All the list needs to do is verify the signature before redistributing. THAT is going to be the main body processing requirement.
> On Apr 27, 2013, at 8:22 AM, Stefan Schlott <stefan.schlott at ulm.ccc.de> wrote:
>
>> On 27.04.2013 06:45, Stephen J. Turnbull wrote:
>>
>>>> 2. Your list has elevated security requirements. In this case, you can
>>>> use gpg-agent to manage the secret key (and its passphrase).
>>>
>>> I don't understand what threat you propose to address in this way.
>>> It's true that you can prevent the attacker from getting access to the
>>> key (using agent forwarding or a token, it need not be on the exposed
>>> host at all), but we're assuming he has access to the host and the
>>> Mailman process.
>>
>> The gpg-agent approach protects you from all storage-related attacks:
>> - unencrypted backups
>> - physical access to the harddrive
>> - etc.
>>
>> It does not protect from attackers who have access to the contents of
>> the computer's RAM:
>> - raw memory access and scanning for the secret key (requires root)
>> - memory dump via DMA-enabled interfaces (firewire, pc-card, ...)
>> - cold boot attacks
>>
>>
>> Stefan
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/iane%40sussex.ac.uk
>
> Security Policy: http://wiki.list.org/x/QIA9
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
More information about the Mailman-Developers
mailing list