On Mar 23, 2017, at 12:06 AM, Stephen J. Turnbull wrote:
>FYI: Encrypted lists *are* occasionally requested.
Another possible use case would be attempting to prevent the wholesale
compromise of email storage. Meaning, if you keep your email on some external
server, and that server is compromised
On Mar 21, 2017, at 07:27 PM, Stephen J. Turnbull wrote:
>Not if the target membership isn't already paranoid. Remember,
>20%-40% of devices are already compromised. Even at the low end,
>assuming uniform draws, with *three* members odds are *even* that one
>is compromised.
Is anybody even awar
On 03/22/2017 04:02 PM, Stephen J. Turnbull wrote:
> Also references to existing knowledge would be appreciated, such as
> "zero knowledge" schemes that might allow untrusted root on Mailman
> host, and the various implementations like SELS that have been
> mentioned.
In my proposal [1 or 2], I
On 03/22/2017 04:06 PM, Stephen J. Turnbull wrote:
> Rich Kulawiec writes:
>
> > (In the specific case, e.g., the right people using the right
> > devices with the right knowledge and self-discipline: maybe. But
> > there are not many of those cases and any of them can revert to the
> > gen
On 03/21/2017 11:16 PM, Rich Kulawiec wrote:
> On Tue, Mar 21, 2017 at 04:04:20PM +0100, johny wrote:
>> Shifting the attacker to actively compromise devices is an overall
>> improvement.
>
> If "compromising devices" was difficult, I might agree. But it's not.
> Devices of all descriptions hav
Rich Kulawiec writes:
> (In the specific case, e.g., the right people using the right
> devices with the right knowledge and self-discipline: maybe. But
> there are not many of those cases and any of them can revert to the
> general case in seconds with one poor decision or perhaps even
> wi
Richard Damon writes:
> One big thing that I haven't seen in the discussion of this problem is
> exactly WHAT issue/problem this feature is intended to solve, There are
> several different problems that encryption can help with, each needing
> different sort of support from the software.
Y
On 3/21/17 6:30 PM, Rich Kulawiec wrote:
On Sun, Mar 19, 2017 at 07:33:24AM -0400, Richard Damon wrote:
I would say that the problem that is being attempted to solve is
fundamentally impossible to do perfectly. It is impossible to distribute
messages in a secure manner to a number of recipients
