On Tue, April 17, 2007 12:38 pm, Andrew Lentvorski wrote:
> Lan Barnes wrote:
>
>> I've often wondered if an email list could be set up that automatically
>> used GPG at both ends. The server could have its own public key, and
>> could
>> then decrypt and reencrypt using the public key of every subscriber. Of
>> course, it would be easy for intelligence gatherers to penetrate by
>> signing up ("Yes, comrade, I too get off by exchanging secret salad
>> dressing recipes"). So the content wouldn't be secret for long,
>> especially
>> if new members were being admitted.
>
> And then some idiot on the list would archive every single email
> message--in plaintext.
>
> This problem is not new. The issue is that people stick their nose into
> other peoples' business and jump to presumption of guilt. This is why
> our system attempts to enshrine some level of privacy and presumption of
> innocence.
>
> This was a problem even in the 1600's:
>
> "Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y
> trouverai de quoi le faire pendre"
> - Cardinal Richelieu (Armand Jean du Plessis)
>
> Translation: "If one would give me six lines written by the hand of the
> most honest man, I would find something in them to have him hanged."
>
>
> The solution is easy, if unpalatable. Email only gets accessed through
> a web interface, cannot be saved or printed, has non external pop or
> imap access, and is only held on the corporate server.
>
> Of course, this is so annoying that everybody will start conducting
> business on their yahoo/hotmail/gmail accounts. And then you have the
> problem again.
>
> The problem is social: we need to quit assuming guilt. Good luck with
> that.
>
> -a
>
I agree with everything you say and have snarfed the good Cardinal (how he
would have loved Gitmo!).
But I want a technical response. I'm a lightweight (saving grace: I know
it), and I don't know if it would work technically.
So let's _not_ assume innocence. Let's assume the most depraived, highly
trained, motivated miscreants we can -- kiddie-porn-narco-terrorists. No,
DEMOCRATS! <shudder>
Let's also assume they are none of them rats and no new recruits are
initiated into their mailing list.
Other than being able to tell everybody who's on the list and to do some
basic traffic analysis, would my encrypted mailing list be secure until
they popped open the door on the server room (or black-bagged one member's
PC)?
--
Lan Barnes
SCM Analyst Linux Guy
Tcl/Tk Enthusiast Biodiesel Brewer
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
