rich...@karmannghia.org writes: > It's very straight-forward:
C'mon, man, Grandpa knows how to tie his shoes. The construction of such an encrypted list not technically terribly complex---as you said yourself, a SMOC. The problems are describing *who* is the adversary, *what* will they do to invade your privacy, and *how* does the proposed system thwart those threats. You are completely ignoring those questions. And no, "unencrypted mail is a threat" to "everybody" isn't a serious attempt to address them, given that almost everyone is using MTAs that support TLS nowadays. > Subscribers who want encrypted email include their public key in > their subscription details, What about the needs of *posters*, who are *at least* as important as subscribers here, who want to keep *their* posts private? That's why "encryption-optional" lists make no sense to me, except as a proof of concept. And the prescription to greppers to leave their mail folders unencrypted is not comforting to the authors, either. I see vanishly small added security in an encryption-optional mailing list of the kind Juergen described. As a proof-of-concept, it was a brave experiment that maybe could have led to something. But it didn't. > HOWEVER, just becasue ONE email list of a group who realized it was > there had that experience says NOT A THING about how many who > didn't know would love to have a list where users HAD to use > encryption to be on the list! [...] > It's myopic to see just one's own use case and think it applies > across the board. Round 'em up, man. I listen to the community. I'm listening to you. > Over my long and storied 47 year career in computer science I've long > noted that the vast majority of users: > > 1) Don't know what they really want; > 2) Don't have a clue what's easy and what's hard, and; > 3) Don't hang out on email lists like this one. So? I think they *do* know a very large fraction of what they want at the level of expressing *requirements* (WIBNI ...). Dealing with what's easy and what's hard is our problem as developers, not theirs. With that knowledge, we can help them refine and prioritize their requirements, and sometimes discover new ones. Convincing them that we understand their requirements and know easy vs. hard is also our problem. And the lack of like-thinking users on mailing lists like this one is a problem for advocates (like you?) > > But there are substantial technical hurdles to extreme > > requirements such as "end-to-end encryption" of list traffic. > > That is abjectly false, Juergen proved it, and not only was it NOT > difficult 20 years ago, in the 20 years since then what's fairly > easily possible has expanded considerably. Your definition of "end-to-end" is not the one in common use. A system where an intermediate node decrypts, then reencrypts and forwards, is not "end-to-end encrypted" in any usage I've seen before, It's really not useful to discuss technical issues if you won't at least use the accepted definitions of such critical terms. You're welcome to argue that given the threats you perceive, it's not an important requirement for an encrypted mailing list. But given the ease which which systems are penetrated these days, I disagree for most purposes I can think of. Steve ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
