[Cryptography] FW: IAB Statement on Internet Confidentiality

[Henry Baker]

At 10:03 AM 11/20/2014, John Levine wrote:
>>Perhaps "cryptography at metzdowd.com" could get people comfortable
>>with cryptography by encrypting all of its messages using PGP or
>>equivalent ?
>
>Not a bad idea.  The widely used (in Europe at least) Sympa list
>manager has built in S/MIME support.  It picks up your S/MIME cert
>when you subscribe, incoming mail is encrypted to the list server's
>cert, is decrypted and re-encrypted to all of the subscribers' certs.
>I don't know anyone who uses this feature but it's been in Sympa for
>years and appears to work.  I also don't know what they do about CAs.
>
>Dunno anyone who does this with PGP.  With PGP, is it possible to
>encrypt a message for multiple recipients or do you have to do each
>copy separately?

Re multiple recipients:

That's why I suggested _authentication_ for a first pass.

Authentication only requires that only the sender/moderator
have a public/private keypair, which each recipient can
validate, while also validating the "previous message
hash".

There are proposals to incorporate public keys together
with email addresses in a more-or-less backwards compatible
manner, so that a mail server could take the (public key,
email address, already-signed-message) and send
encrypt(already-signed-message, public key) to email address.

Yes, I know, this order is backwards; it is far better
to encrypt-then-sign, but that would put a lot more
work back on the sender/moderator's computer.

It would also be possible to sign-encrypt-sign, so long
as you also trusted the signing mailer to not tamper
with the previously encrypted ciphertext of the message.