On 11.04.2013 06:19, Joost van Baal-Ilić wrote: > I am Joost van Baal-Ilić. I create a PGP keypair with ID Barry Warsaw. I > sent > the public key to the list server. I sent a mail, signed with the Barry-key, > encrtypted to the listkey, with From: Barry's email address, to the list. > The listserver now distributes it to the lists subscribers, yes? The list > subscribers will believe the message is from Barry.
You would have to do some key confirmation, just like you have to click a mail confirmation link upon subscription. Next problem: Mailman will have to decrypt the message and re-encrypt it for each recipient. This also strips the signature of the original sender. How do you show to the recipients that the original message was signed (in a way which cannot be forged by any other sender)? Generally speaking PGP support would be great, the efforts Joost and I made about 10 years ago never made it beyond alpha (or beta at best) stadium... Stefan. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
