[Cryptography] encrypted list mail, was FW: IAB Statement
Bill Frantz
frantz at pwpconsult.com
Sat Nov 22 20:05:21 EST 2014
On 11/22/14 at 10:26 AM, barney at databus.com (Barney Wolff) wrote:
>On Fri, Nov 21, 2014 at 10:48:56PM -0800, Bill Frantz wrote:
>>The one encrypted list I have used used PGP. Everyone on the
>>list had a copy of the list's secret key. Everyone encrypted
>>to the matching public key. Its UI was as good as PGP. :-)
>
>I'm baffled. You didn't trust the list server with the plaintext, but
>you trusted every list member's computer? So why didn't you use one of
>them as the list server?

Just to be clear, it wasn't my list any more than this list is my
list. I have no idea what authorization the list server machine had.

Everyone who was invited to join the list was authorized to read
list traffic. Men in the middle, eavesdroppers etc. were not.
The decryption key, which was in fact a PGP secret key, was
shared with everyone authorized to read the traffic.

Note that some of the advantages of this system are:

* No special software, just PGP and a mail list daemon.
* No extra load on the list server. It just forwards messages.
* Messages in the list archive are encrypted.
* If the list server needs to read messages, it can be given a
  copy of the key.

Disadvantages include:

* New keys need to be distributed when people lose their list authorization.
* One can forget to encrypt a message and send it in the clear.
* Messages in the list archive are encrypted, making search harder.

If one wants to have an unencrypted list archive, one could
modify the list daemon software to decrypt the messages before
putting them in the archive. You would probably want to control
access to the archive with HTTPS and a logon. And you would lose
the advantage of standard software.

In fact the system worked quite well.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        | "I wish there was a knob on the TV to turn up the
408-356-8506       | intelligence. There's a knob called "brightness", but
www.pwpconsult.com | it doesn't work. -- Gallagher
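
One disadvantage listed in the message above is that a member can forget to encrypt and post to the list in the clear. The following is an added example, not part of the original post and not the software that list ran: a Python check a list daemon could apply before forwarding, holding any post that is not PGP-framed. The `gate` hook, its `forward`/`hold` results and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"

def is_pgp_encrypted(raw: bytes) -> bool:
    """True only if the whole post is PGP-framed (PGP/MIME or inline armor).

    Framing only: without the list key the forwarding server cannot tell
    whether the ciphertext was actually encrypted to the list's public key.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    # PGP/MIME (RFC 3156): multipart/encrypted with the PGP protocol parameter.
    if msg.get_content_type() == "multipart/encrypted":
        proto = str(msg.get_param("protocol", "")).lower()
        return proto == "application/pgp-encrypted"
    # Inline PGP: every leaf part must be text holding exactly one armored
    # block, so cleartext around the armor or a cleartext attachment fails.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    if not leaves:
        return False
    for part in leaves:
        if part.get_content_maintype() != "text":
            return False
        try:
            body = part.get_content().strip()
        except LookupError:  # unknown charset: cannot inspect, so refuse
            return False
        framed = body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)
        if not framed or body.count(ARMOR_BEGIN) != 1:
            return False
    return True

def gate(raw: bytes) -> str:
    """Hypothetical daemon hook: 'forward' encrypted posts, 'hold' the rest."""
    return "forward" if is_pgp_encrypted(raw) else "hold"

# Constructed sample posts; the armored body is a placeholder, not ciphertext.
HEADERS = b"From: member@example.org\nTo: list@example.org\nSubject: hi\n\n"
ARMORED = (b"-----BEGIN PGP MESSAGE-----\n\n(constructed placeholder)\n"
           b"-----END PGP MESSAGE-----\n")
SAMPLES = {
    "encrypted": HEADERS + ARMORED,
    "forgot to encrypt": HEADERS + b"Sending this in the clear by mistake.\n",
    "cleartext plus armor": HEADERS + b"See below:\n" + ARMORED,
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {gate(raw)}")
```

Held posts would go back to the sender or to a moderator rather than to the members and the archive.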
More information about the cryptography mailing list