[Cryptography] IAB Statement on Internet Confidentiality

Jerry Leichter leichter at lrw.com
Fri Nov 21 11:15:37 EST 2014

On Nov 21, 2014, at 2:29 AM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> What's more, if this is to be more than just clear-signing, the
> user agent would have to encrypt email to the list, with the
> moderators removing the the sender's signature and encryption in
> the appropriate order, and releasing the cleartext back to the list
> through a filter than re-signs as the list and re-encrypts (to each
> recipient separately, so as not to expose the lurkers in the enveloped
> message)....
Actually, why is all that necessary?  Consider the following algorithm:  Each list member, and the moderator, has a public/private key pair.  All list members share their public key with the moderator, and the moderator shares his public key with them.  Flow:

- Sender chooses a random message key; encrypts his message with a symmetric algorithm; signs it with his private key; appends the message key, encrypted with the moderator's public key.
- Moderator checks the signature; decrypts the message key; adds a second level of signature to the (signed by the sender, encrypted) message; and, for each list member, forward the doubly signed, encrypted message, with the message key encrypted with that member's private key, to the list member.
- List member checks both levels of signature, decrypts the message key, decrypts the message.

Yes, this sends different messages to each recipient.  But if that's a problem, any number of encrypted message keys can be attached to a message, so you can send the same message text to groups of recipients.

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141121/6f3673ba/attachment.bin>

More information about the cryptography mailing list