[Mailman-Users] Re: OpenPGP and S/MIME aware Mailman

Sun, 14 Feb 2021 08:40:22 -0800 

On Sun, Feb 14, 2021 at 10:58:01AM -0500, Dennis Putnam wrote:
> I'm looking to decrypt incoming email from subscribers and encrypt
> outgoing to each. The threat model is to not have any email into or
> out of the mailing list to be intercepted/monitored.

The two sentences imply different requirements.

Even if you satisfy the requirements in the first sentence, any attacker
on the wire will be able to capture ("monitor") the emails; and the
headers will be in plain-text (including the Subject header, sender, and
recipients), even if the body and attachments are encrypted:
https://ssd.eff.org/en/module/why-metadata-matters

Also, if the attacker has compromised the CA, then they will potentially
be able to decrypt S/MIME messages (but not OpenPGP messages, if the
encryption and key generation were well-implemented[1]).

If you really want to satisfy the requirements in the second sentence,
then you might want to look at DIME (aka Darkmail), mixers, or
alternatives to email:

- https://en.wikipedia.org/wiki/Dark_Mail_Alliance

- https://en.wikipedia.org/wiki/Mix_networks

- https://en.wikipedia.org/wiki/Anonymous_remailers

- https://en.wikipedia.org/wiki/Tutanota

- https://en.wikipedia.org/wiki/ProtonMail

- https://en.wikipedia.org/wiki/Category:Internet_privacy_software

[1] At least, not unless affordable quantum computing is available to
the attacker.  If it is, then you would also need to use a
quantum-resistant cipher.  Unfortunately, doing that is still very
inconvenient to do using GnuPG or similar.

-- 
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/

Reply via email to