On Wed, 2005-03-02 at 12:37 +0100, Brad Knowles wrote:
> At 8:31 AM +0100 2005-03-02, Stefan Schlott wrote:
>
> > Further, this will reveal
> > all recipients' key ids - something not wanted in anonymous lists.
>
> True. A session key would be encrypted to each key id, so the
> key ids would be visible. However, subscriber information is not too
> hard to get from Mailman even when it's supposedly limited to being
> available only to the admin, so I think there may be bigger fish to
> fry elsewhere.
>
> > Imho the tradeoff lies somewhere inbetween - encrypt messages to n
> > recipients (yet to be implemented).
>
> The problem is that encrypting a message is a very CPU-intensive
> process, and you don't want to figure off thousands and thousands of
> message encryption processes for every single submission -- you'd DoS
> yourself to death. You'd have to make n pretty large in order to be
> able to make this scalable.

In theory, you could encrypt the message once with a session key, and then distribute it n times, each time adding the packet which has the session key encrypted with the public key of the recipient.

This should cost you very little more in encryption CPU requirements than a message encrypted to n recipients in the normal fashion. The rest of the additional required overhead is basically the same as turning personalisation on for a list.

Not sure how amenable GPG is to doing this sort of hacking, but it sounds plausible to me (obviously too few coffees this morning).

Nigel.

--
[ Nigel Metheringham [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
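
An added example, not part of the message above and not Mailman or GnuPG code: a sketch of the per-recipient distribution described in the reply. It takes a message already encrypted once to all n recipients and emits n copies, each carrying a single session-key packet plus the shared ciphertext. It assumes the RFC 4880 packet layout (version 3 session-key packets first, then the encrypted data packet); the function names and the sample bytes are constructed for illustration.

```python
# Added example: split one multi-recipient OpenPGP message into per-recipient copies.
# Packet framing follows RFC 4880 sections 4.2 and 5.1; all names here are illustrative.
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet

def packet_tag(first):
    """Packet tag from the first header octet (old or new format)."""
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F

def body_span(data, pos):
    """Return (body_start, body_len) for a definite-length packet at pos."""
    first = data[pos]
    if first & 0x40:  # new-format length encoding
        l1 = data[pos + 1]
        if l1 < 192:
            return pos + 2, l1
        if l1 < 224:
            return pos + 3, ((l1 - 192) << 8) + data[pos + 2] + 192
        if l1 == 255:
            return pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        raise ValueError("partial body length not expected on a session-key packet")
    ltype = first & 0x03  # old-format length type
    if ltype == 3:
        raise ValueError("indeterminate length not expected on a session-key packet")
    n = 1 << ltype  # 1, 2 or 4 length octets
    return pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")

def split_per_recipient(message):
    """Return [(key_id_hex, copy)], each copy = one session-key packet + shared data."""
    pos, pkesks = 0, []
    while pos < len(message) and packet_tag(message[pos]) == PKESK_TAG:
        start, length = body_span(message, pos)
        end = start + length
        if length < 10 or end > len(message) or message[start] != 3:
            raise ValueError("truncated or non-v3 session-key packet")
        # v3 body: version octet, 8-octet key ID, algorithm octet, encrypted key
        pkesks.append((message[start + 1:start + 9].hex().upper(), message[pos:end]))
        pos = end
    shared = message[pos:]  # encrypted data packet, copied verbatim (never re-encrypted)
    if not pkesks or not shared:
        raise ValueError("expected session-key packets followed by encrypted data")
    return [(key_id, pkt + shared) for key_id, pkt in pkesks]

def constructed_message():
    """Constructed sample with filler bytes, not real ciphertext."""
    def body(key_id):
        return b"\x03" + bytes.fromhex(key_id) + b"\x01\x00\x08\xAA"
    return (b"\xC1\x0D" + body("1111111111111111")    # new-format header, tag 1
            + b"\x84\x0D" + body("2222222222222222")  # old-format header, tag 1
            + b"\xD2\xE1\xDE\xAD\x03\xBE\xEF\x00")    # tag 18 with partial lengths
```

Each copy exposes only its own recipient's key ID, but every copy still wraps the same session key, so any subscriber can decrypt any other subscriber's copy. Packets created with hidden recipients carry an all-zero key ID, which is why the result is a list rather than a mapping keyed by ID.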