On 03/24/2017 09:10 AM, teor wrote:
Hi Jan,
On 22 Mar 2017, at 01:40, johny johny@neuromancer.sk wrote:
Hi all, I'm currently working on my GSoC proposal for the GNU Mailman project, which aims to implement encrypted mailing lists. I noticed that Tor project uses Mailman and has a few private lists as well. I think that Tor project's private lists might be a great example that could use such encrypted lists.
This sounds like a great proposal, but we've just implemented Schleuder.
Can you tell us how this would be different from Schleuder?
It is indeed a very similar design, with some differences, my Mailman's encrypted list implementation will: 1) be integrated into Mailman 3. Which means all features of a regular Mailman mailing list will be supported. (with some changes to work with an encrypted mailing list) 2) keep the original sender's signature when resending to subscribers, which means a bit less trust in the server is necessary when the subscribers trust each other's keys. (AFAIK, Schleuder strips the signature and adds a header saying it was valid/not) 3) offer a bit more integration with the PGP web-of-trust model. Where subscribers and mainly the list owner can sign the list key and send it back to the mailing list server, which will from that point on send this key with the new signature.
(Please don't put lines of dashes in the middle of your email. Some people use broken mail clients that cut off any text after a line of dashes.)
Sorry about that, will do, or rather won't do that anymore :)
-Jan