option: keep original sender signature
Currently, schleuder strips the orignal OpenPGP-signature of the sender, and adds a pseudo-header "Sig: Good signature from $sender", and signs this with the list key.
I see a use for this, but I don't think that this fits everyone.
Schleuder "breaks" end-to-end-confidentiality by re-encrypting the content. This is the design, this is okay. But stripping the original signature also breaks end-to-end-integrity and end-to-end-authenticity. I think these are valuable peoperties to retain, especially because of the re-encryption.
Other people think so, too. Jan Jancar is implementing encrypted lists in mailman, and two of his design principles are:
- keep the original user’s signature
- optionally strip the sender’s signature
When asked, why he's starting a new project over schleuder at all, the second of three reasons was:
keep the original sender's signature when resending to subscribers, which means a bit less trust in the server is necessary when the subscribers trust each other's keys. (AFAIK, Schleuder strips the signature and adds a header saying it was valid/not)
I didn't look into the details, but I assume this shouldn't be too hard to implement. AFAIU, MIME should make it rather easy to keep the original body and OpenPGP-signature throughout the resto of the re-encryption magic.