[Cryptography] Fwd: encrypted list mail, was IAB Statement on Internet Confidentiality

Hasan Diwan hasan.diwan at gmail.com
Tue Nov 25 01:54:36 EST 2014


On 23 November 2014 at 16:33, Ray Dillinger <bear at sonic.net> wrote:

>
>
> On 11/22/2014 08:48 AM, Jerry Leichter wrote:
> > On Nov 22, 2014, at 10:17 AM, John Levine <johnl at iecc.com> wrote:
>
> >> This sounds exactly like what Sympa does with S/MIME.  What am I
> >> missing here?
>
> > Probably nothing.  I never claimed originality - the design seemed
> > obvious to me, and the only reason I wrote it out was to answer the
> > claim that an encrypted list would have to re-encrypt and re-sign
> > every message for every recipient.
>
> Having the list re-encrypt and re-sign each message is a good idea
> if the list of activities you are seeking to forestall includes
> traffic analysis.
>
> If the server re-encrypts and re-signs each message, and the
> moderator forwards messages to other recipients in batches
> only once a day or so, then it becomes less obvious which
> sender was responsible for writing which message.
>
> Of course it's only a small part of the job.  If you really
> want to defend against traffic analysis, you have to generate
> cover traffic sufficient to (and in the complementary pattern
> to) make the real traffic indistinguishable from noise.
>
>                                 Bear
>
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>

Would it not be easier to have the server encrypt all received messages
with one private key, at which point it would be put in the archives.
Subscribers can send their public key, which is then used to send them the
message in question in encrypted form. -- H
-- 
OpenPGP: https://hasan.d8u.us/gpg.key
Sent from my mobile device
Envoyé de mon portable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141124/ffc629ba/attachment.html>


More information about the cryptography mailing list