[Cryptography] encrypted list mail, was IAB Statement on Internet Confidentiality

Ray Dillinger bear at sonic.net
Sun Nov 23 19:33:58 EST 2014

On 11/22/2014 08:48 AM, Jerry Leichter wrote:
> On Nov 22, 2014, at 10:17 AM, John Levine <johnl at iecc.com> wrote:

>> This sounds exactly like what Sympa does with S/MIME.  What am I
>> missing here?

> Probably nothing.  I never claimed originality - the design seemed
> obvious to me, and the only reason I wrote it out was to answer the
> claim that an encrypted list would have to re-encrypt and re-sign
> every message for every recipient.

Having the list re-encrypt and re-sign each message is a good idea
if the list of activities you are seeking to forestall includes
traffic analysis.

If the server re-encrypts and re-signs each message, and the
moderator forwards messages to other recipients in batches
only once a day or so, then it becomes less obvious which
sender was responsible for writing which message.

Of course it's only a small part of the job.  If you really
want to defend against traffic analysis, you have to generate
cover traffic sufficient to (and in the complementary pattern
to) make the real traffic indistinguishable from noise.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141123/ab3b6439/attachment.sig>

More information about the cryptography mailing list