This is split thread #3. Justus Winter writes:
> > > - Implement OpenPGP support > > > > What does that mean? > > OpenPGP can be used to provide confidentiality and integrity for > email. What exactly that means in the setting of mailing lists > varies by threat model and policy. I was afraid you'd say that. I mean, it's the right generic answer, but I've yet to see a viable use case with a plausible threat model for any of the implementations proposed. > My prototype [2] simply records associations between addresses and > OpenPGP certificates by consuming Autocrypt headers [3] and when > sending an outgoing mail opportunistically encrypting it if a > certificate is known. Except for the Autocrypt part, this has been done. But there are two problems: nobody wants it very badly (see this post specifically <https://mail.python.org/archives/list/mailman-us...@python.org/message/STX76KTQAEMVVGKKWGP6O46XSM2LG7SD/> and the surrounding thread is also valuable because you'll see all the reasons why I don't want to do this in Mailman at present, and you're the first person in decades I think has a good shot at convincing me otherwise! :-) The second problem is I don't see a convincing use case. Note: I don't consider the opportunistic encryption aspect a serious flaw. Obviously this initial proposal is mostly a proof-of- concept and most (all?) serious applications simply wouldn't send unencrypted mail. Steve _______________________________________________ Mailman-Developers mailing list -- mailman-developers@python.org To unsubscribe send an email to mailman-developers-le...@python.org https://mail.python.org/mailman3/lists/mailman-developers.python.org/ Mailman FAQ: https://wiki.list.org/x/AgA3 Security Policy: https://wiki.list.org/x/QIA9
