[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs
Jan Jancar
johny at neuromancer.sk
Wed Mar 22 20:38:18 EDT 2017
On 03/22/2017 04:06 PM, Stephen J. Turnbull wrote:
> Rich Kulawiec writes:
>
> > (In the specific case, e.g., the right people using the right
> > devices with the right knowledge and self-discipline: maybe. But
> > there are not many of those cases and any of them can revert to the
> > general case in seconds with one poor decision or perhaps even
> > without one.)
>
> I'm with Richard Damon on this.
>
> FYI: Encrypted lists *are* occasionally requested. Even if we are
> forced to give up, we need to investigate this, and convince ourselves
> that there really are NO valid use cases so we can make the case that
> it's a bad idea to those users. I note that several other projects
> have created variations on encrypted lists. It's reasonable for us to
> want to learn what they are and are not good for in order to converse
> with users about their requests for encrypted lists.
>
> You have my permission to say "I told you so" if we're forced to
> abandon this as a silly idea. Until then, I think you're wasting
> bandwidth in opposing it from the get-go. Once again, I'd be happy to
> hear where our threat models are deficient once we start to talk about
> them. But none of the proposals so far have really identified a
> threat model let alone a corresponding use case! So there's nothing
> to criticize yet.
A use case I have in mind is for mailing lists that:
a) have a relatively low number of subscribers.
b) have or can establish some sort of a PGP web-of-trust, in a sense
that a subscriber has to trust the list owner's key or the list key, and
that the list owner has to trust the subscriber's key when accepting his
subscription. (this is due to fairly strong assumptions about attacker's
abilities)
c) can be anonymous (apart from obvious information stemming from b)
and no other info about subscriber's or sender's identity has to be
disclosed to other subscribers than what is now with anonymous lists.
(see Technical details in my proposal)
This is what my proposal is aiming for and what I think is a realistic
application of encrypted mailing lists.
-Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20170323/c4ba8580/attachment.sig>
More information about the Mailman-Developers
mailing list