
Last update: 2008-09-14


OpenPGP and S/MIME support in Mailman

Currently, there is no re-encrypting mailing list manager with support for both PGP and S/MIME. Mailman is the most popular Open Source mailing list manager. The Secure List Server project "mailman-pgp-smime" aims to include OpenPGP and S/MIME support in Mailman, the GNU Mailing List Manager.

Adding re-encryption will enable groups of people to cooperate and communicate securely via email: mail can be distributed encrypted to a group of people, while the burden of managing individual keys is handled by the list software, not the sender. Furthermore, authentication is possible: the list server software takes care of checking it. This way, strong security for groups of people becomes available to a wide audience.

Technical specification

This project will publish a patch for the official Mailman distribution. This patch handles both RFC 2633 (S/MIME) and RFC 2440 (OpenPGP) email messages.

A post will be distributed only if the PGP (or S/MIME) signature on the post is from one of the list members. To send encrypted email, a list member encrypts with the public key of the list. The mailing list server will decrypt the posting and re-encrypt it with the public keys of all list members.

To achieve this, each list has a public and a private key. (The private keys are optionally protected by passphrases.) Furthermore, new list settings are defined:

  • gpg_postings_allowed: may postings encrypted with the GPG list key be sent to this list?
  • gpg_msg_distribution: are subscribers allowed (or even forced) to upload their GPG public key in order to receive all messages encrypted?
  • gpg_post_sign: should posts be GPG signed with an acknowledged subscriber key before being distributed?
  • gpg_msg_sign: should the server sign encrypted messages?

Similar settings are defined for S/MIME. Finally, each subscriber can upload her PGP and S/MIME public key using the Mailman web interface.
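
The posting rules and the four settings above can be modelled as a small decision function. This is an added example, not code from the mailman-pgp-smime patch, and it performs no cryptography. The setting names come from this page; the value encodings ("no"/"allowed"/"forced", booleans), the class and function names, the placeholder fingerprints and the fail-closed handling of subscribers without a key are assumptions.

```python
# Added illustration: policy model only, no real cryptography.
# Setting names are from the page; value encodings, class names, field names
# and process_post() are assumptions, not the project's code.
from dataclasses import dataclass
from typing import Optional

@dataclass
class ListSettings:
    gpg_postings_allowed: bool  # accept posts encrypted to the list key
    gpg_msg_distribution: str   # "no" | "allowed" | "forced" (assumed encoding)
    gpg_post_sign: bool         # require a signature from a subscriber key
    gpg_msg_sign: bool          # list signs the messages it encrypts

@dataclass
class Post:
    encrypted_to_list: bool
    signer_fpr: Optional[str]   # fingerprint of a verified signature, else None

def process_post(post, settings, subscriber_keys):
    """Return (accepted, reason, plan). subscriber_keys maps address ->
    uploaded key fingerprint (None if no key); plan maps address -> mode."""
    if post.encrypted_to_list and not settings.gpg_postings_allowed:
        return False, "encrypted postings not allowed", {}
    if settings.gpg_post_sign:
        if post.signer_fpr is None:
            return False, "unsigned post", {}
        if post.signer_fpr not in {f for f in subscriber_keys.values() if f}:
            return False, "signer is not a list member", {}
    plan = {}
    for addr, fpr in subscriber_keys.items():
        if fpr and settings.gpg_msg_distribution != "no":
            plan[addr] = "encrypt+sign" if settings.gpg_msg_sign else "encrypt"
        elif settings.gpg_msg_distribution == "forced" or post.encrypted_to_list:
            # Assumption: fail closed; never send plaintext when encryption
            # is forced or the post arrived encrypted.
            plan[addr] = "withhold"
        else:
            plan[addr] = "plaintext"
    return True, "ok", plan

# Constructed sample data (fingerprints are placeholders).
SUBSCRIBERS = {"alice@example.org": "FPR-ALICE", "bob@example.org": None}
STRICT = ListSettings(True, "forced", True, True)

if __name__ == "__main__":
    print(process_post(Post(True, "FPR-ALICE"), STRICT, SUBSCRIBERS))
    print(process_post(Post(False, "FPR-MALLORY"), STRICT, SUBSCRIBERS))
```

The model treats a subscriber without an uploaded key as the case to decide explicitly: under forced distribution, or when the post itself arrived encrypted, delivering plaintext to that subscriber would undo the sender's encryption.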
