[Cryptography] Mail Lists In the Post-Snowden Era

Joe Abley jabley at hopcount.ca
Mon Oct 21 11:19:07 EDT 2013


On 2013-10-20, at 10:22, Jerry Leichter <leichter at lrw.com> wrote:

> So ... imagine we don't like that.  How could this list be constituted in a "secure" way?  The quotes are on "secure" because even the definition of the word isn't clear.  Realistically, there's no way to avoid an NSA "plant" joining an open group, so perhaps there's little point in encrypting the messages.  Anonymous/pseudonymous posting?  Signed messages?  (A few members post them; hardly any of us do.)  Does that just make messages even more traceable/linkable?

There are trusted groups around that use e-mail for discussion of tactical opsec issues. The key elements are:

 - people are vetted by humans before they are allowed to join (you need N other people to vouch for you before you are allowed through the door)
 - people are required to upload PGP public keys to a central resource
 - PGP-encrypted mail to the list server address is decrypted on the list server and encrypted individually towards list subscribers before being distributed
 - non-encrypted mail is distributed in plaintext (so control over the decision to encrypt rests with the sender)

This leaves all the plaintext on the central server, which is a natural point for interception/subpoena.

It does go some way to enforcing transport security for mail, however (making it harder to intercept STARTTLS-or-not paths between list server and mailbox).

The membership vetting can no doubt be gamed, but it provides at least some barrier to infiltration-as-member.

The fact that you're sending mail to the "list" is still trivial to identify from a packet-level intercept, even if the content of the conversation is obscured.


Joe
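
The distribution rule described in the message above, as an added sketch that is not part of the original post and not any real list server's code. The `decrypt` and `encrypt_to` hooks, the key store layout, the key ids and the addresses are hypothetical, and refusing to deliver an encrypted post when a subscriber has no key on file is an assumption added here.

```python
# Added example: fan-out policy of a re-encrypting list server (illustrative only).
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

ARMOR = "-----BEGIN PGP MESSAGE-----"  # OpenPGP ASCII-armor header line


class MissingKey(Exception):
    """Encrypted post, but a subscriber has no public key on file."""


@dataclass(frozen=True)
class Delivery:
    recipient: str
    body: str
    encrypted: bool


def fan_out(body: str,
            keys: Dict[str, Optional[str]],         # subscriber -> key id (hypothetical store)
            decrypt: Callable[[str], str],          # hypothetical hook: uses the list's private key
            encrypt_to: Callable[[str, str], str],  # hypothetical hook: (key id, plaintext) -> armored
            ) -> List[Delivery]:
    if not body.lstrip().startswith(ARMOR):
        # The sender chose not to encrypt: distribute the mail as received.
        return [Delivery(addr, body, False) for addr in sorted(keys)]
    # Assumption: fail closed before decrypting, never downgrade an encrypted post.
    missing = sorted(addr for addr, kid in keys.items() if not kid)
    if missing:
        raise MissingKey(", ".join(missing))
    plaintext = decrypt(body)  # plaintext now exists on the server: the interception point
    return [Delivery(addr, encrypt_to(keys[addr], plaintext), True) for addr in sorted(keys)]


# Constructed stand-ins so the policy runs offline; they perform NO real cryptography.
def fake_decrypt(armored: str) -> str:
    return armored.split("\n", 1)[1]


def fake_encrypt_to(key_id: str, plaintext: str) -> str:
    return f"{ARMOR}\n[to {key_id}] {plaintext}"


if __name__ == "__main__":
    subs = {"alice@example.org": "KEY-A", "bob@example.org": "KEY-B"}  # constructed
    for d in fan_out(f"{ARMOR}\nmeet at noon", subs, fake_decrypt, fake_encrypt_to):
        print(d.recipient, d.encrypted, d.body.splitlines()[1])
```
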


