CryptoList - Looking for beta testers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Sep 22 22:45:19 CEST 2013


On 09/22/2013 01:10 PM, Oliver Verlinden wrote:
> some days ago I had the idea of a pgp compatible mailing list.
> I know there is a mailman extension which supports pgp encrypted messages out 
> there, but I wanted ta have a small, fast and easy to configure solution.

Very cool to see that you've done this work and that you want to see
something like this happen.  It raises a lot of questions for me,
though: how does your system know whose keys are whose?  what if a key
expires?  how does it handle new subscribers?  who gets access to the
lists?  are they archived?  what about messages that can't be delivered
right away?  How do i as a user know what keys to encrypt to?  how do i
as an admin make sure my user's confidential data doesn't leak to
outside parties?

I'm not saying that mailman is perfect, but there are some legitimate
reasons that mailman is complex.  Dealing with store-and-forward message
delivery in a dynamic network is challenging in its own right, let alone
getting the key management right for lists that deal with crypto.
Taking on all those tasks and getting them right is a tall order!

Abhilash Raj <raj.abhilash1 at gmail.com> has done a bunch of work on
Mailman over the last few months, working toward integrating Mailman and
OpenPGP.  I'm quite sure he would be happy to collaborate with you if
you're interested in working as part of a team on a project that other
people will help maintain :)

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130922/f4cd9b74/attachment.sig>


More information about the Gnupg-users mailing list