[Cryptography] upgrade mechanisms and policies

Jerry Leichter leichter at lrw.com
Sat Apr 18 21:56:20 EDT 2015

On Apr 16, 2015, at 5:59 PM, ianG <iang at iang.org> wrote:
>> I mean, for instance. Do you think this email should be encrypted, or
>> simply authentificated?
> These emails should be un-auth, moderated and encrypted.
This answer actually contradicts the rest of your point, which comes down to:   You can't make sensible security choices without considering the entire system.

This is an open mailing list.  Anyone can ask to join, and will receive all the messages.  Given that ... encryption is pointless.  The list itself acts as an oracle for any encryption done on the list!

As for authentication, for one thing, there are (at least) two possible kinds of authentication for messages here:  Of the original author, and that the message actually came through the list forwarder.  One can easily construct scenarios in which the presence or absence of either of these is desirable, and the two are independent of each other.  And even if authentication of the original author is desirable - that covers a huge piece of ground.  Would you want to bind the identity of this message to my passport - one extreme - or merely to previous messages - on this list?  In this response stream?  Anywhere on the Internet? - sent with the same apparent identity?

Simple point-to-point communication between parties who have some external way of identifying each other is the easy case.  Everything else is harder - sometimes *much* harder.
                                                        -- Jerry

More information about the cryptography mailing list