CryptoList - Looking for beta testers

Sun Sep 22 20:33:45 CEST 2013

On 22/09/13 19:10, Oliver Verlinden wrote:
> some days ago I had the idea of a pgp compatible mailing list.
> I know there is a mailman extension which supports pgp encrypted messages out 
> there, but I wanted ta have a small, fast and easy to configure solution.

Åre you also aware of Schleuder? [1] I don't want to surpress your
enthusiasm, but if possible, maybe, you can ameliorate that other thing
even more?

With Schleuder:
> - A list member writes an pgp signed and encrypted message to the list server
Or an outsider, depends on the configuration. There are some good use
cases, for example if a list address is used as a contact address.
> - Encryption is enforced: Non encrypted messages are rejected
Depends on configuration, see above.
> - The senders pgp signature is checked, to ensure the message integrity
I guess that's a default minimal basic thing everyone expects to be done
> - The message is multiplied and resigned/reencrypted by the list server
Same as Schleuder
> - The signed and encrypted messages are delivered to the list members
If this part was missing I wouldn't call it mailing list software ;-)

> Well it's weekend, so I started to code. ;)

Sound like you created a mitm! ;-)

> Meanwhile the key functionalities are implemented and the project is ready for 
> some beta tests. It's very annoying to write emails to myself all the time to 
> check functionality. So if you want to try this, just give me a short 
> notification with your public key id. I will add your public key into the lists 
> keyring and add you to the recipients list.

So, I'm sorry that I'm not here to beta-test, but would rather see
Schleuder getting better as someone reinventing the wheel. Maybe your
wheel is more round or has better brakes, I don't know. [2] It has
happened to me before that I enthusiastically spend a lot of time on
something that someone else already did. And sometimes that other
project served as a good example or inspiration.

> After some testings, the whole project will be available on SourceForge.

I might be asking (too) much, but I'd suggest to reconsider SourceForge,
they now try to push some drive-by installer in everyones mouth. I guess
a discussion on that subject is too much off-topic for this list, so
I'll stick with a link to a simple rant. [3]

All in all, I hope I found the right tone in my mail, don't get it
wrong, I applaud your energy and enthusiasm! And if someone figures a
way to do group public key encryption, I'd be interested in hearing how
that would work.

ciao,
kwadronaut

[1] http://schleuder2.nadir.org/
[2] I wonder, were the first wheels in humankind equipped with brakes?
[3]
http://www.gluster.org/2013/08/how-far-the-once-mighty-sourceforge-has-fallen/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130922/b5074fe5/attachment.sig>