On 04/26/2013 12:45 PM, Barry Warsaw wrote:
> OTOH, maybe that's all security theater.  If the Mailman system's private key
> is available to an attacker, then having the encrypted message on disk
> temporarily is probably not going to stop them from decrypting it.

I've been wondering about that... is there any time when the encrypted message on disk would be available but the private key not?

- snapshot backups of Mailman queues but not the key
- corrupted filesystems
- unusual permissions that allow access to the queues but not the key
- Mailman is only allowed to deal with encrypted messages when someone inserts the key which is stored on another physical device?

It's probably best to keep things encrypted as much as possible just in case there is a threat model we're not thinking of, but unless we're doing more to protect the key, I'm not sure we're gaining much.

 Terri

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers