[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (fwd) "Will You Be a Terrorist?"

In a post to <[email protected]>, [email protected] (L. Todd Masco) wrote:
> Now, this won't give protection from traffic analysis;  In was
> suggestion, I was really blurring two seperate lines of thought
> (I'm interested in PGPified mailing list software for content-hiding
> reasons; I'm trying to set up a "distributed business" that I'd
> like to keep secure).  Also, though, I'm not sure I want to count
> on anonymous remailers being available.  If people want to
> effectively "chain" them, that's fine.

    I don't see how using PGPified mailing lists help at all
(with the assumtion that anyone can subscribe). I mean, anyone
can simply subscribe to the list and then read all of the traffic.
What's the point? Anyways...

    I *can*, however, see the use of using PGP encryption for
mailing list submissions, expecially combined with an aliasing
feature. (i.e. the mailing list has a key pair, and people send
mail to it). Possibly even accepting something like the cypherpunk
remailer format (i.e.:

anon-post-from: bob

etc... ). This, however, *might* be going to far for some people's
comfort, because it would allow *COMPLETELY* untraceable posts
(depending on the security of the site, but that's another issue).
You can do other remailer-type traffic analysis defeaters like
sending out the posts in random order at fixed intervals, etc.

> 	- What I want (for other purposes) is a mailing list that has
> 	 its own public key; Material is encrypted to it, it decrypts it,
> 	 and then the material is encrypted with each recipient's public
> 	 key (I'm assuming a PGP base here).   Probably simply to do,
> 	 but has anybody done it?  No pretense of protection from
> 	 traffic analysis here: just to keep prying 3rd parties' eyes
> 	 off it.

See above. Also, a couple problems with encrypting it to each person on the list  
is that it takes:

 #1 Space for all of the keys
 #2 Time to encrypt EACH message to each person

Both of which quickly become a problem on high-volume lists such as cypherpunks.
Also, it requires that EVERYONE use PGP if they want to read the list. This, I  
believe, is an unacceptable requirement.

                                        [email protected]
PGP 2.6 key available. Fingerprint:     (Jonathan Adams)
    40 27 43 E0 5C 20 66 0E  EE 8C 10 9F EC 40 78 6A  (revoked!)
    A5 77 E9 28 88 DD B7 D4  9C 8C F9 D5 D8 3F 45 BE  (new! 1024 bit)