All great questions. Let me just add this. On Jun 28, 2013, at 01:03 PM, Stephen J. Turnbull wrote:
>There does need to be a way for list owners to take complete control of key >management, and there does need to be convenience in management. I think >that the "key signed by list-owner's list-key-management-key" is an important >step for convenience. I suspect that the hook needed to implement it would >be able to support various policies (probably through the 'chain of rules' >mechanism implemented in Mailman 3 core -- might require some refactoring of >core I guess). > > > I like this latter proposal, and it should be pretty > > straightforward to implement. This means, of course, that the > > list-owner's key needs to be known to the mailman instance. could > > there be more than one list-owner's key? > >Yes. As implied above, I envision there being a specific key used to >sign for permission to do X FVO X such as subscribe, post, get member >list, sign other people's keys (Web of Trust!), etc, so there could be >several keys in that sense. For paranoid folks who regularly expire >their keys, I would expect that keys might overlap in time, so there >probably should be a list of keys for each function. In some cases >one key will fit all, of course: "I only sign for people I trust to do >everything a signature gives authorization to do". Another complication is that keys will probably be attached to users, but users have relationships with list across the entire Mailman installation. So if it were list owners that were responsible for key management, how does that cross list boundaries? What about lists on the same system but in different domains? Does the site admin have to delegate key management responsibilities to list owners? I can imagine some kind of attack involving a list owner who approves a member's key for one list, and then using that to attack other lists on the same system. Tricky business. -Barry _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9