Hi Werner,
At Tue, 12 Jan 2016 08:19:50 +0100,
Werner Koch wrote:
> On Mon, 11 Jan 2016 23:46, neal(_at_)walfield(_dot_)org said:
>
> > There are two types of re-encryption that I think are inappropriate:
> >
> >   - when the mailing list software decrypts and reencrypts each
> >     message before forwarding it on to the list of subscribers, and,
>
> As soon as you are in the need for a mailing list you have severe opsec
> problems which I consider not solvable: You not only need to fully trust
> all participants but also need to make sure that _all_ their boxes are
> properly secured against attacks.

As we discussed recently offline, I respectfully disagree and I find
this position difficult to resolve with your stated position of trying
to bring GnuPG and encryption in general to a wider audience. This is
also why I'm working on this project in my free time and not on the
clock.

Even if people aren't sufficiently careful, ready-to-use encrypted
mailing lists can hinder mass surveillance (similar to the way
OpenPGP can, I think). Further, for those who do have the opsec
background and need this protection, a solution that is easier to use
than GnuPG groups + manually updating the subscriber list, is probably
safer.

> Adding another box to reencrypt the messages does not change the picture
> much more than adding another subscriber.

I disagree with this as well. Someone who hosts many mailing lists
(e.g., google or sf) could abuse their position in a much more
substantive way than a single user.
Thanks,
:) Neal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp