
I guess from reading Scott McGuire's message I should have described the posting procedure as well as the token issuing procedure. Here is what you do to post:

Poster writes the post and includes the token in the required place (wherever that turns out to be). Poster encrypts the message with the list's secret key and sends it to the list. Majordomo decrypts the message, checks the token, and if the token check passes, sends the plaintext of the message to the list members.

Important points:

(1) You do not need a secret key to post. This feature allows you to post from machines where you don't want to store your secret key ring.
(2) List members do not need PGP, only posters.
(3) People who want to post who can't due to local policy (e.g. no PGP) have choices:
    (a) Get a real ISP and machine and become a first class citizen.
    (b) Send the post to someone who can post via private mail, explain the situation and ask to have it posted.

The principal reason for using PGP for posting is to protect the token from theft. I don't know a single-message, one-way protocol where a person can show possession of a token without revealing it. If there is such a protocol, then PGP is no longer required.

David Molnar asks:
In any case, what bogeyman are we worried about, anyway? Pseudonyms? This list is already full of 'em. That's nothing new. Forged messages? If you trust anything you read on the Internet...well.. Privacy? It's a public mailing list, and one which I have long respected for its tradition of openness and inclusion. <casts nervous glance>
The bogeyman is flooding attacks which make the list server effectively unavailable. I have tried to preserve all the features he lists.

-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA
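
Added example, not part of the original message: one candidate for the single-message proof of possession the post asks about is a keyed MAC over the post, with the token as the key, so the token itself never travels. It assumes the token is a high-entropy secret that the list server also stores; `token_id`, `make_tag` and `ListServer` are hypothetical names, and the token and post below are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample data: token id -> token issued by the list server.
# A real token would be random (e.g. secrets.token_bytes(32)).
ISSUED_TOKENS = {"t-001": hashlib.sha256(b"constructed demo token").digest()}


def make_tag(token: bytes, body: bytes) -> str:
    """Poster side: MAC the post with the token as key; the token is never sent."""
    return hmac.new(token, body, hashlib.sha256).hexdigest()


class ListServer:
    """Server side: verify the tag before distributing the post."""

    def __init__(self, tokens):
        self.tokens = dict(tokens)
        self.seen_tags = set()  # accepted tags, so a captured post cannot be re-sent

    def accept(self, token_id: str, body: bytes, tag: str) -> str:
        token = self.tokens.get(token_id)
        if token is None:
            return "unknown-token"
        expected = make_tag(token, body)
        # Constant-time comparison; bytes so a non-ASCII tag cannot raise.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "bad-tag"
        if tag in self.seen_tags:
            return "replay"
        self.seen_tags.add(tag)
        return "accepted"


if __name__ == "__main__":
    server = ListServer(ISSUED_TOKENS)
    post = b"Subject: test\n\nhello list"  # constructed sample post
    tag = make_tag(ISSUED_TOKENS["t-001"], post)
    print(server.accept("t-001", post, tag))         # first delivery
    print(server.accept("t-001", post, tag))         # same post re-sent
    print(server.accept("t-001", post + b"!", tag))  # body altered in transit
```

The tag binds the token to one specific post, so an observer who copies it can neither post new text nor recover the token, and the replay set stops the copied post from being re-sent as flood traffic.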