[Cryptography] FW: IAB Statement on Internet Confidentiality
hbaker1 at pipeline.com
Thu Nov 20 13:45:06 EST 2014
At 10:03 AM 11/20/2014, John Levine wrote:
>>Perhaps "cryptography at metzdowd.com" could get people comfortable
>>with cryptography by encrypting all of its messages using PGP or
>Not a bad idea. The widely used (in Europe at least) Sympa list
>manager has built-in S/MIME support. It picks up your S/MIME cert
>when you subscribe, incoming mail is encrypted to the list server's
>cert, is decrypted and re-encrypted to all of the subscribers' certs.
>I don't know anyone who uses this feature but it's been in Sympa for
>years and appears to work. I also don't know what they do about CAs.
>Dunno anyone who does this with PGP. With PGP, is it possible to
>encrypt a message for multiple recipients or do you have to do each
Re multiple recipients:
That's why I suggested _authentication_ for a first pass.
Authentication only requires that only the sender/moderator
have a public/private keypair, which each recipient can
validate, while also validating the "previous message
There are proposals to incorporate public keys together
with email addresses in a more-or-less backwards compatible
manner, so that a mail server could take the (public key,
email address, already-signed-message) and send
encrypt(already-signed-message, public key) to email address.
Yes, I know, this order is backwards; it is far better
to encrypt-then-sign, but that would put a lot more
work back on the sender/moderator's computer.
It would also be possible to sign-encrypt-sign, so long
as you also trusted the signing mailer to not tamper
with the previously encrypted ciphertext of the message.
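
The sign-once, encrypt-per-recipient flow described in the message above, as an added example that is not part of the original post. It follows the sign-then-encrypt order the post describes for the mail server. Assumptions: Ed25519 signatures and RSA-OAEP wrapping an AES-256-GCM key stand in for the PGP or S/MIME operations the thread discusses, and every function name and subscriber address is hypothetical.

```javascript
// Added example: sign once, then the list server encrypts per subscriber.
// Algorithms and all names below are assumptions, not from the thread.
const nodeCrypto = require("node:crypto");

// Sender/moderator: sign once. Output is the 64-byte Ed25519 signature + body.
function signMessage(text, senderPrivateKey) {
  const body = Buffer.from(text, "utf8");
  return Buffer.concat([nodeCrypto.sign(null, body, senderPrivateKey), body]);
}

// List server: encrypt(already-signed-message, public key) for one subscriber.
// Hybrid scheme: a fresh AES-256-GCM key wrapped with the subscriber's RSA-OAEP key.
function encryptFor(signedMsg, recipientPublicKey) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(signedMsg), cipher.final()]);
  const wrapped = nodeCrypto.publicEncrypt({ key: recipientPublicKey, oaepHash: "sha256" }, key);
  return { wrapped, iv, ct, tag: cipher.getAuthTag() };
}

// List server: one envelope per (email address, public key) pair.
function fanOut(signedMsg, subscribers) {
  return subscribers.map((s) => ({ to: s.email, env: encryptFor(signedMsg, s.publicKey) }));
}

// Subscriber: decrypt, then validate the sender's signature on the inner message.
function openAndVerify(env, recipientPrivateKey, senderPublicKey) {
  const key = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, oaepHash: "sha256" }, env.wrapped);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, env.iv);
  decipher.setAuthTag(env.tag);
  const signed = Buffer.concat([decipher.update(env.ct), decipher.final()]);
  const sig = signed.subarray(0, 64);
  const body = signed.subarray(64);
  if (!nodeCrypto.verify(null, body, senderPublicKey, sig)) throw new Error("bad sender signature");
  return body.toString("utf8");
}

// Constructed demo data: one sender keypair, two subscribers with example addresses.
const sender = nodeCrypto.generateKeyPairSync("ed25519");
const subscribers = ["alice@example.org", "bob@example.org"].map((email) => ({
  email, ...nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 }),
}));
const signedDemo = signMessage("Re multiple recipients", sender.privateKey);
for (const [i, { to, env }] of fanOut(signedDemo, subscribers).entries()) {
  console.log(to, "->", openAndVerify(env, subscribers[i].privateKey, sender.publicKey));
}
```

The list server here holds no signing key, so a message it alters before encrypting fails the subscriber's signature check.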