[Cryptography] IAB Statement on Internet Confidentiality
leichter at lrw.com
Fri Nov 21 11:15:37 EST 2014
On Nov 21, 2014, at 2:29 AM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> What's more, if this is to be more than just clear-signing, the
> user agent would have to encrypt email to the list, with the
> moderators removing the the sender's signature and encryption in
> the appropriate order, and releasing the cleartext back to the list
> through a filter than re-signs as the list and re-encrypts (to each
> recipient separately, so as not to expose the lurkers in the enveloped
Actually, why is all that necessary? Consider the following algorithm: Each list member, and the moderator, has a public/private key pair. All list members share their public key with the moderator, and the moderator shares his public key with them. Flow:
- Sender chooses a random message key; encrypts his message with a symmetric algorithm; signs it with his private key; appends the message key, encrypted with the moderator's public key.
- Moderator checks the signature; decrypts the message key; adds a second level of signature to the (signed by the sender, encrypted) message; and, for each list member, forward the doubly signed, encrypted message, with the message key encrypted with that member's private key, to the list member.
- List member checks both levels of signature, decrypts the message key, decrypts the message.
Yes, this sends different messages to each recipient. But if that's a problem, any number of encrypted message keys can be attached to a message, so you can send the same message text to groups of recipients.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4813 bytes
Desc: not available
More information about the cryptography