Hi Sam,

On 2/14/2021 11:26 AM, Sam Kuper wrote:
On Sun, Feb 14, 2021 at 10:58:01AM -0500, Dennis Putnam wrote:
I'm looking to decrypt incoming email from subscribers and encrypt
outgoing to each. The threat model is to not have any email into or
out of the mailing list to be intercepted/monitored.
The two sentences imply different requirements.

Even if you satisfy the requirements in the first sentence, any attacker
on the wire will be able to capture ("monitor") the emails; and the
headers will be in plain-text (including the Subject header, sender, and
recipients), even if the body and attachments are encrypted:
https://ssd.eff.org/en/module/why-metadata-matters

Also, if the attacker has compromised the CA, then they will potentially
be able to decrypt S/MIME messages (but not OpenPGP messages, if the
encryption and key generation were well-implemented[1]).

If you really want to satisfy the requirements in the second sentence,
then you might want to look at DIME (aka Darkmail), mixers, or
alternatives to email:

- https://en.wikipedia.org/wiki/Dark_Mail_Alliance

- https://en.wikipedia.org/wiki/Mix_networks

- https://en.wikipedia.org/wiki/Anonymous_remailers

- https://en.wikipedia.org/wiki/Tutanota

- https://en.wikipedia.org/wiki/ProtonMail

- https://en.wikipedia.org/wiki/Category:Internet_privacy_software

[1] At least, not unless affordable quantum computing is available to
the attacker.  If it is, then you would also need to use a
quantum-resistant cipher.  Unfortunately, doing that is still very
inconvenient to do using GnuPG or similar.

Thanks for the info. It is not the headers that I care about but rather the email content. I also would not care about S/MIME as all my subscribers will be GPG. I thought that was essentially the obsolete code did. I was considering taking that plug-in and modifying it to at least work with GPG and mailman 2.1.36.

--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

Reply via email to