[Cryptography] Mail Lists In the Post-Snowden Era

Peter Todd pete at petertodd.org
Sun Oct 20 18:55:52 EDT 2013


On Sun, Oct 20, 2013 at 10:27:53AM -0700, Christian Huitema wrote:
> > So what would a reasonable security model for the Cryptography list look
> > like?  Is it inherently just an open discussion?  Or could we come up with
> > something else?  If we can do more, what kind of software would be needed
> > to make it as free-flowing and easy to participate in and manage as
> > the current list?
> 
> I know of several attempts to do that, and the conclusion always seems to be
> that e-mail is not the right tool for this job, and that specialized
> bulletin boards are much easier to deploy.
> 
> It is pretty clear that end-to-end e-mail encryption using PGP or S-MIME
> does not work for large groups. You end up having to solve the "distribution
> of the key to a large group," which is a variant of "sharing a secret with a
> large number of people," pretty much an oxymoron. If you want a solution

Note that you can use broadcast encryption to efficiently encrypt the
messages to multiple recipients (a deployed example is in the AACS
video encryption). Or, more simply, keep people's PGP keys on file and
have the mail server encrypt each email.

Mathematically speaking it's an easy problem - what isn't solvable is
that it's impossible of course to prevent people from just
re-distributing the mailing list, other than maybe using traitor
tracing. But maybe in certain smaller to medium-sized communities the
minor amount of security provided might be valuable, especially
combined with repudiation, like the group OTR messaging work.

-- 
'peter'[:-1]@petertodd.org
000000000000000981d375f993833d899723e0e538268e5a24231735e7fa8b2a
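
The following is an added example, not part of the message above: a sketch of broadcast encryption for a list server using the complete-subtree method of Naor, Naor and Lotspiech, a simpler relative of the subset-difference scheme AACS uses. The function names, the master-secret key derivation and the HMAC-XOR key wrap are assumptions made for illustration; a real deployment would use an authenticated key wrap.

```python
import hashlib
import hmac
import os

def node_key(master, node):
    # Assumption: the list server derives every tree-node key from one master secret.
    return hmac.new(master, b"node:%d" % node, hashlib.sha256).digest()

def path_nodes(n, user):
    # Nodes from the user's leaf up to the root (heap numbering, root = 1).
    node, path = n + user, []
    while node >= 1:
        path.append(node)
        node //= 2
    return path

def cover(n, revoked):
    # Roots of the maximal subtrees that contain no revoked leaf.
    if not revoked:
        return [1]
    steiner = {a for u in revoked for a in path_nodes(n, u)}
    return sorted(c for p in steiner if p < n
                  for c in (2 * p, 2 * p + 1) if c not in steiner)

def wrap(kek, nonce, key):
    # XOR with an HMAC-derived pad: a stand-in for a real key wrap (e.g. AES-KW).
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

def make_header(master, n, revoked, msg_key):
    # One wrapped copy of the message key per cover node, not per subscriber.
    nonce = os.urandom(16)
    return nonce, {v: wrap(node_key(master, v), nonce, msg_key)
                   for v in cover(n, revoked)}

def recover(header, n, user, my_keys):
    # my_keys: {node: key} for the user's own path. Returns None if revoked.
    nonce, wrapped = header
    for v in path_nodes(n, user):
        if v in wrapped:
            return wrap(my_keys[v], nonce, wrapped[v])  # XOR wrap is its own inverse
    return None

def demo():
    # Constructed scenario: 8 subscribers, subscribers 2 and 5 removed.
    master, n, revoked, msg_key = os.urandom(32), 8, {2, 5}, os.urandom(32)
    header = make_header(master, n, revoked, msg_key)
    got = {}
    for u in range(n):
        keys = {v: node_key(master, v) for v in path_nodes(n, u)}
        got[u] = recover(header, n, u, keys) == msg_key
    return sorted(header[1]), got
```

Each subscriber stores only the log2(n)+1 keys on their own path, and the header grows with the number of removed subscribers rather than with the size of the list.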