[tor-project] Tor project's use of Mailman

johny johny at neuromancer.sk
Tue Mar 21 14:40:21 UTC 2017


Hi all,
I'm currently working on my GSoC proposal for the GNU Mailman project,
which aims to implement encrypted mailing lists. I noticed that Tor
project uses Mailman and has a few private lists as well. I think that
Tor project's private lists might be a great example that could use such
encrypted lists.

What requirements would Tor project have of such an encrypted mailing list?
This would help me better understand potential uses of encrypted mailing
lists in a real environment.

My proposal uses PGP/MIME. A short description follows:

It establishes a list keypair which subscribers use to encrypt their
messages. A user needs to present a PGP public key on subscription,
which will later be used to encrypt messages from the list. The list owner
moderates the list and accepts users' subscriptions. A user has to prove
ownership of the key by signing a confirmation token. A subscriber then
sends messages encrypted with the list key and signed with the one he
subscribed with. He receives messages encrypted to his key and signed by
the original author as well as the list itself. Commands will require
a signature and confirmation too.

A more detailed proposal can be found in the links below.

-Jan

-----

[Project idea]:
https://wiki.list.org/DEV/Google%20Summer%20of%20Code%202017#Encrypted_Lists_I
[Proposal draft (site)]: https://neuromancer.sk/page/gsoc/mailman
[Proposal draft (PDF)]: https://neuromancer.sk/static/mailman.pdf
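
The subscription step described in the message above (present a public key, sign a confirmation token, wait for owner approval), as an added example that is not part of the original post or of Mailman. It substitutes a Lamport one-time signature for PGP so it runs with the standard library only; the class and method names are hypothetical, and checking the token before owner approval is an assumed ordering.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time keypair; a stand-in for the subscriber's PGP key."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):  # a Lamport key must sign one message only
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        secrets.compare_digest(H(s), pk[i][b]) for i, (b, s) in enumerate(zip(bits(msg), sig)))

class ListSubscriptions:  # hypothetical model of the list's subscription state
    def __init__(self):
        self.pending = {}    # address -> (public key, token): key not yet proven
        self.confirmed = {}  # address -> public key: proven, awaiting the owner
        self.members = {}    # address -> public key: list mail is encrypted to it

    def request(self, addr, pk):
        token = secrets.token_hex(16).encode()  # fresh, unguessable per request
        self.pending[addr] = (pk, token)
        return token

    def confirm(self, addr, sig):
        pk, token = self.pending.get(addr, (None, None))
        if pk is None or not verify(pk, token, sig):
            return False          # unknown address or signature by another key
        del self.pending[addr]    # token is single-use, so a replay fails
        self.confirmed[addr] = pk
        return True

    def approve(self, addr):      # list owner's moderation decision
        if addr not in self.confirmed:
            return False          # never approve a key whose ownership is unproven
        self.members[addr] = self.confirmed.pop(addr)
        return True
```
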
