Re: [Mailman-Developers] GSOC, Anonymous Lists
Pavan Koli writes: (a generally good description of an approach to the problem) hidden from him. But if someone tries to spam the mailing list, that person can be caught by noting his anonymous id. I'm not sure what use case you have in mind. Why would a spammer post to the anonymous list from the same address twice? If subscription (and posting) requires owner approval, such spamming is very rare anyway. 3. I didn't come across a single mailing list for whistleblowers, activists, or people trading very sensitive information. You won't. They have alternative channels for transmitting information, just like spies employed by governments or corporations. Mail spoofing attempts can be stopped by encrypting mails, Encrypted lists is a different use case. You'd use digital signatures in this case. using PGP, but there is one problem. The person encrypting the mail would have to share their public key with everyone on the mailing list, which can be a tedious task as the mailing lists keep on changing in size, Key distribution in this case is easy. Just post it to the mailing list. :-) and also mails can be leaked if public key falls into wrong hands. This isn't a real use case. Think carefully about your definition of wrong hands in the context of whistleblower. I've come up with a solution for this, these mailing lists will be kept in a very different category from others. Here when ever a user will register, they'll have to also provide their public key. This is in fact the same basic approach as a previous GSoC project which hasn't been integrated yet. Problem- The list manager has to be authentic, using their public key list subscribers can verify their authenticity I don't understand what you mean. (Or I propose a public key for the list itself and then people can use it to verify lists authenticity). I think this is the right solution anyway. One possibility would be to use DKIM signature technology (RFC 6376, I think). ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] GSOC, Anonymous Lists
Pavan Koli writes: I have a doubt, while implementing anonymous lists do we have to store the email ids in encrypted form in the database. I have the same doubt. You need to define anonymous list. In particular, specify who is, and who is not, supposed to be able to 1. See email addresses of subscribers. 2. Figure out whether two posts are from the same person. as well whether you need to 3. Ensure that subscribers' posts can't be spoofed. As people having access to database can view the original email ids. It's worse than that. People who have access to the MTA's mail queue or can change its configuration files can see them too, as well as those who have access to MTAs on relay MX hosts and the posters' MX. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] GSOC, Anonymous Lists
I have a doubt, while implementing anonymous lists do we have to store the email ids in encrypted form in the database. As people having access to database can view the original email ids. But if we do encryption and decryption it'll add an extra overhead and slow down many operations. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] GSOC, Anonymous lists
My name is Pavan Koli I'm interested in the project idea(Anonymous lists). My rough idea of implementing it is using modifications in the schema of the database table. Just before sending of messages in the From header actual mail id will be replaced by the anonymous id. Reply-To to be the anonymous id of the sender. This is just the rough idea, I'm yet to think about the entire implementation and approach. For that please point me in the right direction and documentation. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9