Re: [openpgp] mailing list: managing the subscriber list
"Neal H. Walfield" <neal@walfield.org> Wed, 13 January 2016 15:50 UTC
Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22E2F1A8A94 for <openpgp@ietfa.amsl.com>; Wed, 13 Jan 2016 07:50:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.149
X-Spam-Level: *
X-Spam-Status: No, score=1.149 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DE=0.35, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LErQ0iFNWqRG for <openpgp@ietfa.amsl.com>; Wed, 13 Jan 2016 07:50:39 -0800 (PST)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 3BF591A8A8B for <openpgp@ietf.org>; Wed, 13 Jan 2016 07:50:39 -0800 (PST)
Received: from p5ddf94f7.dip0.t-ipconnect.de ([93.223.148.247] helo=mail.huenfield.org) by mail.dasr.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from <neal@walfield.org>) id 1aJNgv-00084c-3L; Wed, 13 Jan 2016 15:50:33 +0000
Received: from [192.168.54.11] (helo=chu.huenfield.org) by mail.huenfield.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <neal@walfield.org>) id 1aJNgs-0002qq-5b; Wed, 13 Jan 2016 16:50:32 +0100
Received: from localhost ([::1] helo=chu.huenfield.org.walfield.org) by chu.huenfield.org with esmtp (Exim 4.84) (envelope-from <neal@walfield.org>) id 1aJNgo-0005Mx-Im; Wed, 13 Jan 2016 16:50:26 +0100
Date: Wed, 13 Jan 2016 16:50:26 +0100
Message-ID: <87oacp4gxp.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: "Neal H. Walfield" <neal@walfield.org>, Rick van Rein <rick@openfortress.nl>, openpgp@ietf.org, Matthew Green <matthewdgreen@gmail.com>
In-Reply-To: <87twmje02x.fsf@vigenere.g10code.de>
References: <87ziwd3yrn.wl-neal@walfield.org> <56938B98.7000707@openfortress.nl> <87r3hn4tw2.wl-neal@walfield.org> <87twmje02x.fsf@vigenere.g10code.de>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-SA-Exim-Connect-IP: 192.168.54.11
X-SA-Exim-Mail-From: neal@walfield.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 17:06:47 +0000)
X-SA-Exim-Scanned: Yes (on mail.huenfield.org)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/_DOItbzrDRFv0c84pfBWS-4DtAg>
Subject: Re: [openpgp] mailing list: managing the subscriber list
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 15:50:40 -0000
Hi Werner, At Tue, 12 Jan 2016 08:19:50 +0100, Werner Koch wrote: > On Mon, 11 Jan 2016 23:46, neal@walfield.org said: > > There are two types of re-encryption that I think are inappropriate: > > > > - when the mailing list software decrypts and reencrypts each > > message before forwarding it on to the list of subscriber, and, > > As soon as you are in the need for a mailing list you have severe opsec > problems which I consider not solvable: You not only need to fully trust > all participants but also need to make sure that _all_ their boxes are > properly secured against attacks. As we discussed recently offline, I respectfully disagree and I find this position difficult to resolve with your stated position of trying to bring GnuPG and encrypt in general to a wider audience. This is also why I'm working on this project in my free time and not on the clock. Even if people aren't sufficiently careful, ready-to-use encrypted mailing listings can hinder mass surveillance (similar to the way OpenPGP can, I think). Further, for those who do have the opsec background and need this protection, a solution that is easier to use than GnuPG groups + manually updating the subscriber list, is probably safer. > Adding another box to reencrypt the messages does not change the picture > much more than adding another subscriber. I disagree with this as well. Someone who hosts many mailing lists (e.g., google or sf) could abuse their position in a much more substantive way than a single user. Thanks, :) Neal
- [openpgp] mailing list: managing the subscriber l… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… Rick van Rein
- Re: [openpgp] mailing list: managing the subscrib… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… Rick van Rein
- Re: [openpgp] mailing list: managing the subscrib… Werner Koch
- Re: [openpgp] mailing list: managing the subscrib… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… Neal H. Walfield
- Re: [openpgp] mailing list: managing the subscrib… vedaal
- Re: [openpgp] mailing list: managing the subscrib… Phillip Hallam-Baker