On Sun, Feb 14, 2021 at 10:58:01AM -0500, Dennis Putnam wrote: > I'm looking to decrypt incoming email from subscribers and encrypt > outgoing to each. The threat model is to not have any email into or > out of the mailing list to be intercepted/monitored.
The two sentences imply different requirements. Even if you satisfy the requirements in the first sentence, any attacker on the wire will be able to capture ("monitor") the emails; and the headers will be in plain-text (including the Subject header, sender, and recipients), even if the body and attachments are encrypted: https://ssd.eff.org/en/module/why-metadata-matters Also, if the attacker has compromised the CA, then they will potentially be able to decrypt S/MIME messages (but not OpenPGP messages, if the encryption and key generation were well-implemented[1]). If you really want to satisfy the requirements in the second sentence, then you might want to look at DIME (aka Darkmail), mixers, or alternatives to email: - https://en.wikipedia.org/wiki/Dark_Mail_Alliance - https://en.wikipedia.org/wiki/Mix_networks - https://en.wikipedia.org/wiki/Anonymous_remailers - https://en.wikipedia.org/wiki/Tutanota - https://en.wikipedia.org/wiki/ProtonMail - https://en.wikipedia.org/wiki/Category:Internet_privacy_software [1] At least, not unless affordable quantum computing is available to the attacker. If it is, then you would also need to use a quantum-resistant cipher. Unfortunately, doing that is still very inconvenient to do using GnuPG or similar. -- A: When it messes up the order in which people normally read text. Q: When is top-posting a bad thing? () ASCII ribbon campaign. Please avoid HTML emails & proprietary /\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you. ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/