CryptoLists
Topics for Encrypted mailing lists
During this discussion we talked about the encrypted mailing list options there exist (for example the mailman patches) and the conclusion is that they dont implement the security level we need. Then Rhatto and Luis started to talked about Firma.
Firma
Firma is a standalone bash script that act as a mailing list manager when coupled with a MTA such as postfix. It uses gnupg directly to do OpenPGP: the private key is stored in the server and the clients must encrypt their message with the list pubkey and sign with their own keys in order to a message being processed.
Audios
Test list
The CVS version has full PGP/MIME support and there's also a text on how firma works.
We made a firma test list on encrypted at sarava.org so people can check how the system works and can try to audit the script, sugest changes and new features, but paying attention that its not our main project so we develop it quite slowly.
Currently we dont have any administrative features on firma: all administration is done through command line in the server, but firma is working very well to exchange messages.
People that want to test firma (i.e, join the list encrypted at sarava.org) should send me (rhatto at riseup.net) an OpenPGP public key block with the desired email address.