[Popcon-developers] encrypted popcon submissions
Ian Jackson
ijackson at chiark.greenend.org.uk
Fri May 10 21:36:25 UTC 2013
Peter Palfrader writes ("Re: encrypted popcon submissions"):
> Do you think the benefits outweight the drawback that the admin no
> longer can be certain we don't send anything we shouldn't?
This is a very good point but it can be easily dealt with: the
encrypted message should have two recipients, one of which is a key
whose private half is known to the administrator. By default it would
be a key created for the popcon installation the first time it would
be used.
Then a suspicious administrator can use their private key to decrypt
the messages to see what's in them, and a well-organised administrator
can drop their public key into the popcon config so they can do it
with their own email client.
Ian.
More information about the Popcon-developers
mailing list