Pavan Koli writes: (a generally good description of an approach to the problem)
> hidden from him. But if someone tries to spam the mailing list, > that person can be caught by noting his anonymous id. I'm not sure what use case you have in mind. Why would a spammer post to the anonymous list from the same address twice? If subscription (and posting) requires owner approval, such spamming is very rare anyway. > 3. I didn't come across a single mailing list for whistleblowers, > activists, or people trading very sensitive information. You won't. They have alternative channels for transmitting information, just like spies employed by governments or corporations. > Mail spoofing attempts can be stopped by encrypting mails, Encrypted lists is a different use case. You'd use digital signatures in this case. > using PGP, but there is one problem. The person encrypting the mail > would have to share their public key with everyone on the mailing > list, which can be a tedious task as the mailing lists keep on > changing in size, Key distribution in this case is easy. Just post it to the mailing list. :-) > and also mails can be leaked if public key falls into wrong hands. This isn't a real use case. Think carefully about your definition of "wrong hands" in the context of "whistleblower". > I've come up with a solution for this, these mailing lists will be > kept in a very different category from others. Here when ever a > user will register, they'll have to also provide their public key. This is in fact the same basic approach as a previous GSoC project which hasn't been integrated yet. > Problem- The list manager has to be authentic, using their public > key list subscribers can verify their authenticity I don't understand what you mean. > (Or I propose a public key for the list itself and then people can > use it to verify lists authenticity). I think this is the right solution anyway. One possibility would be to use DKIM signature technology (RFC 6376, I think). _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9