[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs
Norbert Bollow
nb at bollow.ch
Thu Mar 16 15:10:03 EDT 2017
On Thu, 16 Mar 2017 10:46:27 -0400
Rich Kulawiec <rsk at gsp.org> wrote:
> I suggest that Mailman do nothing, because even if it solves all the
> problems that it can solve, all it will do is provide a thin veneer of
> security/privacy on top of a thoroughly rotten foundation. Yes, there
> will be small, limited cases where it'll be able to deliver on its
> promises -- because every person involved is diligent and every device
> involved is secure -- but that's clearly not the way to bet.
Even if not every device is secure, the difficulty, and likely cost,
for an attacker to snoop on the communications is much greater for an
encrypted mailing list is than for a non-encrypted one.
FWIW, I'm part of an NGO (Digital Society Switzerland,
https://digitale-gesellschaft,ch ) which uses encrypted mailing lists
for its internal communications. We use Schleuder
( https://schleuder.nadir.org/ ), which isn't perfect, but works fine
for us.
Greetings,
Norbert
>
> Moreover, none of this comes for free: there is opportunity cost,
> complexity cost, maintenance cost, interoperability cost, etc.
> In my view, it's not worth incurring all these costs to implement
> something that we already know, today, right now, is not going to
> work in the contemporary Internet environment -- because it relies
> on underlying assumptions about endpoint security that almost
> certainly won't be true as soon as the deployment scale reaches
> modest numbers.
>
> I think a better course of action is to recommend that those with the
> sort of requirements being articulated here not use mailing lists at
> all.
>
> ---rsk
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-developers/nb%40bollow.ch
>
> Security Policy: http://wiki.list.org/x/QIA9
More information about the Mailman-Developers
mailing list