I don't think that "we" have the expertise to create a "secure" system. At best, we can adopt good practices and provide an obscured traffic stream. I consider anything more to be beyond the scope of the MM project.
On Apr 27, 2013, at 8:22 AM, Stefan Schlott <[email protected]> wrote:

> On 27.04.2013 06:45, Stephen J. Turnbull wrote:
>
>>> 2. Your list has elevated security requirements. In this case, you can
>>> use gpg-agent to manage the secret key (and its passphrase).
>>
>> I don't understand what threat you propose to address in this way.
>> It's true that you can prevent the attacker from getting access to the
>> key (using agent forwarding or a token, it need not be on the exposed
>> host at all), but we're assuming he has access to the host and the
>> Mailman process.
>
> The gpg-agent approach protects you from all storage-related attacks:
> - unencrypted backups
> - physical access to the hard drive
> - etc.
>
> It does not protect from attackers who have access to the contents of
> the computer's RAM:
> - raw memory access and scanning for the secret key (requires root)
> - memory dump via DMA-enabled interfaces (firewire, pc-card, ...)
> - cold boot attacks
>
>
> Stefan

_______________________________________________
Mailman-Developers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
