Hi Marcos, On Wed, Apr 10, 2013 at 10:04:04PM -0400, Daniel Kahn Gillmor wrote: > On 04/09/2013 07:55 PM, Marcos Chavarría Teijeiro wrote: > > > The problem is that I'm not sure if I understand the idea. This is how I > > see it: > > 1) Users summit their public key to MailMan server when they register to > > mail list. > > 2) The user can get MailMan Server public key > > 3) When an user want to post a message they both sign and encrypt this > > message. They encrypt the message using MailMan public key. Then the > > message is sent to MailMan Server. > > 4) MailMan decrypt the received message and check if the sign is correct > > (with the stored public user public key). If the sign is correct, it sends > > a message to every mail-list subscripter encrypted with each user public > > key. > > 5) The other user receive the email and decrypt it. > > > > Is this correct? > > This sounds like a reasonable proposal, though there are potentially a > lot of gotchas in such an implementation (in particular, keyring > management, and dealing sensibly with cryptographic failures are two > rough spots that you probably need to tihnk more about). > > Have you looked at schleuder? <snip>
One of the issues you'd have to think about is how to deal with this: I am Joost van Baal-Ilić. I create a PGP keypair with ID Barry Warsaw. I sent the public key to the list server. I sent a mail, signed with the Barry-key, encrtypted to the listkey, with From: Barry's email address, to the list. The listserver now distributes it to the lists subscribers, yes? The list subscribers will believe the message is from Barry. There's more than 1 way to solve this problem. You'd have to pick one solution. Bye, Joost -- Perfection in design is achieved not when there is nothing left to add, but rather when there is nothing left to take away. --Antoine de Saint-Exupery _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
