The mailing list for listmasters using Sympa

[Dick Visser <address@concealed>]

Hi guys

I'm investigating the options of encrypted mail to a list, which Sympa
seems to support.
Upon reading the docs I find them somewhat vague. From
http://www.sympa.org/manual/x509#distributing_encrypted_messages, this
paragraph is especially misleading:

"The S/Sympa encryption feature in the distribution process assumes
that Sympa has received an encrypted message for some list. To be able
to encrypt a message for a list, the sender must have some access to
an X509 certificate for the list. So the first requirement is to
install a certificate and a private key for the list."

This could be interpreted as if all the senders should have the list
private key and cert, which (I hope!) is not the case. I'd like to
propose a change in wording:

"For the S/Sympa encryption feature to work, a list is configured with
a public/private key pair. To be able to encrypt a message for a list,
a sender must have access to the public X509 certificate for the list.
Sympa receives the encrypted message, and because it (on nobody else)
has access to the list's private key, it can decrypt it. The decrypted
message is then re-encrypted for each individual subscriber, using
their respective public keys."


Thanks!!!


-- 
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands