On Jul 02, 2013, at 01:04 PM, Stephen J. Turnbull wrote:

>No, in Mailman 3 it is not, and cannot be, internal to OpenPGP because
>addresses are *not* Users. There is a many-to-one (address-to-User)
>mapping (I hope; if it's many-to-many, we can probably dodge that
>bullet by allowing sets of Users in many places we'd normally expect a
>User).

You're correct, although technically addresses don't have to be associated with users. But if they are, they can only be associated with a single user. Users can control multiple addresses.

While unlinked addresses are supported by the model, I don't think there's any case where unlinked addresses are really exposed in any meaningful way that a user or admin can utilize. So I think if we can associate OpenPGP user ids to email addresses, that will almost always imply an association to a user.

>However, binding an email address to a User is a Mailman operation, and at
>the point of adding an email to a User, in the scenario I'm thinking of the
>only thing Mailman has to go on is the association of a key to an email. If
>this is the initial email for that User, there's no problem.
>
>But for additional emails, there *is* a problem. The identification of
>existing emails with the email to be added is not necessarily guaranteed by
>the key presented. We need to think carefully about how this works (or can
>be subverted).

Very definitely. While it's easy to associate an address with an existing user, it's not entirely clear how we can do that in a secure way.

-Barry