On Wed, Jan 13, 2016 at 1:33 AM, Doug Barton <dougb(_at_)dougbarton(_dot_)us>
wrote:
On 01/12/2016 06:27 PM, Phillip Hallam-Baker wrote:
Well, yeah. :) Did I miss a proposal for new tech?
Yep, we all did. Twenty years ago.
The other
is that you have to find someone you trust to run the mailing list or
the jabber contact service or whatever.
Well that's a given no matter what solution you choose. If you're relying on
someone else to do encryption on your behalf, you have to trust them. But
that's a marginal increase in trust compared to running a non-encrypted list
in the first place.
That is precisely the point. With proxy re-encryption 'recryption' you
do not need to trust the mailing list server. Only the list admin
needs to be trusted with the master decryption key.
The reason for bringing this up right now is that it is a technique we
should start to look at using as soon as implementations of the CFRG
algorithms start becoming available.