Hi,
> from calafou hacklab & friends we wanted to reimplement schleuder in
> python. speaking and speaking we arrived at the conclusion that maybe
> writing a plug-in for Mailman 3 could be a good solution: we contribute
> to a great project and we have encrypt mailing list for hacktivist people.
Hi,
I had a few doubts regarding the project, I din't see any reply on
mm-dev so I mailed separately. Firstly what address should be used to
create the keys for the lists? I was of the opinion that list' posting
address should be used like 'mailman-developers@python.org' for mm-dev
list.
On 29.04.2013 11:40, Ian Eiloart wrote:
Also, what kind of secure list would have automated processing of
message content as a requirement?
imho you're asking the wrong question ;-) _All_ network communication
should be encrypted, it is a pity that mail encryption is so little adopted.
If a
On 27.04.2013 06:45, Stephen J. Turnbull wrote:
2. Your list has elevated security requirements. In this case, you can
use gpg-agent to manage the secret key (and its passphrase).
I don't understand what threat you propose to address in this way.
It's true that you can prevent the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25.04.2013 15:35, Daniel Kahn Gillmor wrote:
abhilash might have meant that there is a concern that a decrypted
message could be stored *on disk* in one of the queues, not just
in memory.
Of course, it's a good idea to decrypt the data as
On 25.04.2013 21:10, Abhilash Raj wrote:
Abhilash, i don't see any mention in your proposal of how you plan to
deal with the secret key material. will there be a way for mailman to
use a secret key that is stored in a password-protected form? If so, how?
Well I am not quite proficient in
On 26.04.2013 20:55, Terri Oda wrote:
I've been wondering about that... is there any time when the encrypted
message on disk would be available but the private key not?
As already pointed out, there are (at least) two ways to avoid an
unprotected secret key (or the corresponding pass phrase,
On 25.04.2013 00:14, Abhilash Raj wrote:
1) When a message is decrypted and then passed on between the queues, it
creates a security threat for the cleartext message is being held in
memory, even for a small time in between the runners.
The Mailman server holds the key to decrypt _every_
On 11.04.2013 06:19, Joost van Baal-Ilić wrote:
I am Joost van Baal-Ilić. I create a PGP keypair with ID Barry Warsaw. I
sent
the public key to the list server. I sent a mail, signed with the Barry-key,
encrtypted to the listkey, with From: Barry's email address, to the list.
The
On 11.04.2013 14:35, Richard Damon wrote:
Next problem: Mailman will have to decrypt the message and re-encrypt it
for each recipient. This also strips the signature of the original
sender. How do you show to the recipients that the original message was
signed (in a way which cannot be forged
Hi,
On monday january 12 I'll talk at the Chaos Seminar/a in Ulm, Germany,
see http://ulm.ccc.de/ChaosSeminar/2009/01_Mailman_PGP_SMIME .
Very cool! I wish I could be there.
The CCC team of Ulm usually records these talks on video (although it
sometimes takes some time until they are
Hi,
I suppose you could also have each mailing list publish a pubkey and
require that messages be encrypted with that pubkey in order to get
posted.
Now there's something which I'm sure it's a small subset of people would
be interested in, but it would definitely be nice.. the ability
Re-hi,
I brought this up on the Cairo mailing list recently
http://lists.freedesktop.org/archives/cairo/2006-November/008345.html
and Carl Worth brought up the idea of a simple option to accept any post
that's cryptographically signed, regardless of subscriber status. I
liked this idea for
Hi,
Stefan: thanks a lot for publishing your patch! Of course, this is
_very_ helpful!
Great to hear that :-)
This will create huge messages in large MLs. Further, this will reveal
all recipients' key ids - something not wanted in anonymous lists.
Imho the tradeoff lies somewhere inbetween -
Nigel Metheringham wrote:
In theory, you could encrypt the message once with a session key, and
then distribute it n times, each time adding the packet which has the
session key encrypted with the public key of the recipient.
...which is the very thing making gpg encryption so slow :-)
The
Brad Knowles wrote:
Further, this will reveal
all recipients' key ids - something not wanted in anonymous lists.
True. A session key would be encrypted to each key id, so the key
ids would be visible. However, subscriber information is not too
Hi Joost,
I will write and publish a patch which integrates PGP signature
validation and re-encryption of encrypted posts to mailman. Specs are:
Don't duplicate work which has already been done :-) I made
modifications to mailman 2.1.5 for encrypted mailinglists, but I kept
quiet for testing.
Hi,
Have either of you solved the problem of Mailman not preserving
white space in the message body? This kind of thing is death to
messages signed or encrypted with PGP, and I have yet to hear of anyone
who has addressed this issue.
As already mentioned, I didn't cover the sign-only case;
18 matches
Mail list logo