Re: Encrypted lists and ease of use

[Roger Williams <roger@coelacanth.com>]

<scs@lokkur.dexter.mi.us> wrote:

  > Recently I've been involved in a number of small (30 people or
  > less) mailing lists which occasionally use PGP for encrypted mail.

  > The hassle comes when one is encrypting a message to the list...

Well, let the list server keep track of who is subscribed.

  > What I propose to do is have a second list, list-encrypted@host,
  > for every list@host...

Why do you need two lists?  My server currently hosts a few such lists
(for non-profit international technical projects, extended family
news, etc.):

Subscribers send mail to the list server, PGP-encrypted with the
list's public key.  The list server decrypts each inbound message with
its private key (passphrase entered at reboot).  The message may be a
message to the list, or a command to the list server.

The list server maintains a list of subscribers' public keys and
encrypts each list message (or digest, for higher-volume lists) for
each subscriber (our lists are small, so we prefer to encrypt mail for
one subscriber at a time).

Although messages exist temporarily as plain text arrays in the list
server, it doesn't maintain an archive of messages.  And as with any
(semi-)secure server, physical security is an issue.

As Allen mentioned, I think PGPdomo handles this, but majordomo is
pretty easy to hack up for any variation on this theme...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/