ehr...@greenhouse.economics.utah.edu writes: > I am not an expert but the encryption discussion is > extremely important.
We are not currently discussing encryption, but rather signing. A similar approach might work for signing, but it's subject to a weaker form of the objection below.[1] > Are you familiar with the Secure Email Lists (SELS) project? It's been mentioned. > To my limited understanding it seems to have the perfect > solution for mailing lists. Nothing in email is perfect or as simple as it seems. :-) > From skimming your messages I did not have the sense > that you were discussing such a paradigm. We aren't. This paradigm has a serious security hole from the point of view of Mailman in that many lists consider the filtering services (ie, blocking certain MIME content-types) to be essential. Since the MTA cannot decode and Mailman doesn't decode messages, there is no way to prevent distribution of malware. This would at the very least be a serious embarrassment to the operators of the allegedly "secure" list, and in my experience a serious danger, as I know very few people who treat "secure" systems as anything but absolutely safe, ignoring the fact that any given security system can only handle the attack vectors it was designed to handle. It might be useful to add it as an additional service, but given the responsibility that mailing list admins are expected to shoulder in today's environment, I think it's essential that the admins have access to the content distributed by their lists. Steve Footnotes: [1] Although filtering is possible, the approach you describe would require whole messages rather than parts to be filtered AFAICS. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9