[Cryptography] encrypted list mail, was IAB Statement on Internet Confidentiality

[Jerry Leichter]

On Nov 22, 2014, at 10:17 AM, John Levine <johnl at iecc.com> wrote:
>> - Sender chooses a random message key; encrypts his message with a symmetric algorithm; signs it with his private key; appends the message key,
>> encrypted with the moderator's public key.
>> - Moderator checks the signature; decrypts the message key; adds a second level of signature to the (signed by the sender, encrypted) message; and,
>> for each list member, forward the doubly signed, encrypted message, with the message key encrypted with that member's private key, to the list
>> member.
>> - List member checks both levels of signature, decrypts the message key, decrypts the message.
> 
> This sounds exactly like what Sympa does with S/MIME.  What am I missing here?
Probably nothing.  I never claimed originality - the design seemed obvious to me, and the only reason I wrote it out was to answer the claim that an encrypted list would have to re-encrypt and re-sign every message for every recipient.

(An interesting thing about the design, BTW, is that if all group members also share a secret key that is *not* revealed to the moderator, then by super-encrypting with that key in addition to using the session key, we can have a system in which the moderator - more properly the forwarder, in this case - can properly forward the mail, but isn't able to read it.)
                                                        -- Jerry