This is split thread #3.

Justus Winter writes:

 > >  >   - Implement OpenPGP support
 > >
 > > What does that mean?
 > OpenPGP can be used to provide confidentiality and integrity for
 > email.  What exactly that means in the setting of mailing lists
 > varies by threat model and policy.

I was afraid you'd say that.  I mean, it's the right generic answer,
but I've yet to see a viable use case with a plausible threat model
for any of the implementations proposed.

 > My prototype [2] simply records associations between addresses and
 > OpenPGP certificates by consuming Autocrypt headers [3] and when
 > sending an outgoing mail opportunistically encrypting it if a
 > certificate is known.

Except for the Autocrypt part, this has been done.  But there are two
problems: nobody wants it very badly (see this post specifically
and the surrounding thread is also valuable because you'll see all the
reasons why I don't want to do this in Mailman at present, and you're
the first person in decades I think has a good shot at convincing me
otherwise! :-)  The second problem is I don't see a convincing use
case.  Note: I don't consider the opportunistic encryption aspect a
serious flaw.  Obviously this initial proposal is mostly a proof-of-
concept and most (all?) serious applications simply wouldn't send
unencrypted mail.

Mailman-Developers mailing list --
To unsubscribe send an email to
Mailman FAQ:

Security Policy:

Reply via email to