On 06/28/2013 10:11 AM, Barry Warsaw wrote:
> Another complication is that keys will probably be attached to users, but
> users have relationships with lists across the entire Mailman installation. So
> if it were list owners that were responsible for key management, how does that
> cross list boundaries? What about lists on the same system but in different
> domains? Does the site admin have to delegate key management responsibilities
> to list owners? I can imagine some kind of attack involving a list owner who
> approves a member's key for one list, and then using that to attack other
> lists on the same system. Tricky business.
An OpenPGP certification of a key+userid just means that the certifier believes that the key belongs to the person who has that user ID (including the e-mail address).

I think the best way to implement Stephen's suggestion is that in order to be able to post to a signed-message-only list, a list member must have a key that has been certified by the list's administrator.

Note that this does *not* mean that a non-list-member whose key has been certified by the list's administrator can post. List membership and key certification are orthogonal attributes; both should be needed (plus a valid signature on the message, of course!) before a message is passed on to such a list.

--dkg
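The posting rule above (member AND key certified by this list's administrator AND valid signature), written out as an added example that is not part of the original thread or of Mailman's code. Fingerprints, addresses and list names are constructed placeholders; signature verification is assumed to have been done elsewhere and is passed in as a boolean. Because a certification is keyed by the certifying administrator's fingerprint, a key certified for one list does not carry over to another list on the same system, which is the cross-list concern raised in the quoted message.

```python
"""Decision logic for a signed-message-only list (illustrative, not Mailman's own)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Certification:
    """certifier_fpr vouches that key_fpr belongs to the holder of user_id."""
    certifier_fpr: str
    key_fpr: str
    user_id: str


@dataclass
class MailingList:
    name: str
    admin_fpr: str          # fingerprint of the key the list administrator certifies with
    members: frozenset      # subscribed e-mail addresses (lower-cased)


@dataclass
class SignedMessage:
    sender: str             # From address, assumed already normalized to lower case
    signer_fpr: str         # fingerprint of the key that produced the signature
    signer_user_id: str     # user ID the signature is attributed to
    signature_valid: bool   # result of cryptographic verification, done elsewhere


def email_of(user_id: str) -> str:
    """Pull the address out of a 'Name <addr>' user ID; a bare address is returned as-is."""
    if "<" in user_id and user_id.endswith(">"):
        return user_id[user_id.rindex("<") + 1:-1].strip().lower()
    return user_id.strip().lower()


def may_post(msg: SignedMessage, mlist: MailingList, certs: set) -> tuple:
    """Return (allowed, reason). All three attributes must hold; none implies another."""
    if not msg.signature_valid:
        return False, "signature did not verify"
    if msg.sender not in mlist.members:
        return False, "sender is not a member of %s" % mlist.name
    if email_of(msg.signer_user_id) != msg.sender:
        return False, "signing user ID does not match sender address"
    # The certification must come from *this* list's administrator, for this key and user ID.
    needed = Certification(mlist.admin_fpr, msg.signer_fpr, msg.signer_user_id)
    if needed not in certs:
        return False, "key is not certified by the administrator of %s" % mlist.name
    return True, "ok"


# Constructed sample data: two lists on one system with different administrators.
LIST_A = MailingList("list-a", "FPR-ADMIN-A", frozenset({"alice@example.org", "bob@example.org"}))
LIST_B = MailingList("list-b", "FPR-ADMIN-B", frozenset({"alice@example.org"}))
CERTS = {
    Certification("FPR-ADMIN-A", "FPR-ALICE", "Alice <alice@example.org>"),
    Certification("FPR-ADMIN-A", "FPR-CAROL", "Carol <carol@example.org>"),
}


def demo() -> dict:
    """Exercise each way the rule can fail, plus the one way it succeeds."""
    alice = SignedMessage("alice@example.org", "FPR-ALICE", "Alice <alice@example.org>", True)
    carol = SignedMessage("carol@example.org", "FPR-CAROL", "Carol <carol@example.org>", True)
    bob = SignedMessage("bob@example.org", "FPR-BOB", "Bob <bob@example.org>", True)
    # Bob's address on a message signed with Alice's (certified) key.
    spoof = SignedMessage("bob@example.org", "FPR-ALICE", "Alice <alice@example.org>", True)
    return {
        "alice_on_a": may_post(alice, LIST_A, CERTS)[0],  # member + certified by admin A
        "alice_on_b": may_post(alice, LIST_B, CERTS)[0],  # member, but cert is from admin A not B
        "carol_on_a": may_post(carol, LIST_A, CERTS)[0],  # certified, but not a member
        "bob_on_a": may_post(bob, LIST_A, CERTS)[0],      # member, but key never certified
        "spoof_on_a": may_post(spoof, LIST_A, CERTS)[0],  # user ID does not match sender
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(case, "allowed" if allowed else "rejected")
```

The order of checks matters only for the reason string; the decision is the conjunction of all of them, so a certification obtained from one list's administrator gives no posting right anywhere else.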
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9