[Mailman-Developers] A list of discussion topics: GSoC OpenPGP Integration

Stephen J. Turnbull stephen at xemacs.org
Sat Jun 29 06:49:26 CEST 2013 

Daniel Kahn Gillmor writes:

 > ok, of course you have priority here, but i don't think we're actually
 > disagreeing :)

Good!

 > The "simple, generic mechanism" you describe *is* key
 > manangement as far as i'm concerned, and i think it's an excellent
 > step.

OK.  I remember the context as being one of actually implementing
(automated) policy decisions.  That's where I really don't want him to
go until the more limited GSoC project is done.

 > OpenPGP certifications should attest to people's identities; those
 > identities should have permissions in mailman the same way that
 > non-cryptographically-verifiable identities have permissions in
 > mailman.
 > 
 > The semantics are simple and graspable if we say "for list X, rely on
 > OpenPGP certifications from the following keys to prove cryptographic
 > identity".

So you're suggesting that the *only* policies that should be
automatically implementable via certified key are

(0) let this guy upload this key (and implicitly create a User if
    needed), but he can't do *anything* else (not even subscribe)
    until the list owner explicitly adds authorizations,

(0.5) this guy gets the intersection of sets of privileges I ever want
    to grant to anybody, and

(1) this guy is co-owner of this list

?

 > i can see how this would be useful, but it means that there is more
 > fiddly tracking of the validity state of each (key,userid) pairing
 > that needs to be done to make this possible.

I agree it's fiddly, I agree it's not in scope for Abhilash's GSoC
project, but for Mark's[1] sake I think we need to notify users whose
status changes from valid to invalid of the reason for the change.

 > I suspect that the most common change from valid to not-valid will
 > be an expired key or an expired certification (e.g. if the list
 > owner's certification of the key expires).  for the latter case, i
 > can imagine that the certifier (the list admin) might want to be
 > notified as well.

I would interpret a certification expiry differently: as the period of
time for which permission to register the key is valid.  If we want an
expiry for User authentication, probably a generic tool for managing
that in Mailman itself would be sufficient for this purpose and useful
elsewhere.


Footnotes: 
[1]  He's the guy who does the most work on fielding problem reports
from users.

More information about the Mailman-Developers mailing list