John Pettitt <jpp@software.net> wrote:
Poster encrypts mail with PGP using list exploder key. List exploder decrypts mail and recrypts with keys for all current list members and then sends the mail.
At 09:24 PM 3/4/96 -0800, abostick@netcom.com (Alan Bostick) suggested having the mailing list handler decrypt the session key using its private key, and re-encrypt with the public keys of the list members, but not do the IDEA decryption and re-encryption N times of the message body. This has the further advantage that the cleartext message body is never sitting around on the server where it might end up in swap space or file system leftover blocks. On the other hand, it really only costs you one IDEA encryption if you want to use the multiple-recipients options to PGP. With the current PGP, this means you don't have to hack your own crypto code; the toolkits in PGP 3.0 will make that easier, though.
[I don't want all the list members to need to know every other list member's public key]
The multiple-recipients PGP doesn't give away everyone's public keys, only their keyIDs. If you want to remain pseudonymous, just create a public key that you use only for subscribing to the list. (Hmmm - multiple recipient support probably makes stealth-PGP harder to implement...)
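The session-key re-wrapping discussed in this thread, as an added example that is not part of the original posts and is not PGP code. It assumes toy stand-ins: textbook RSA over constructed Mersenne-prime keys in place of PGP's RSA, a SHA-256 keystream in place of IDEA, and a hash-derived keyID; all function and variable names are hypothetical.

```python
import hashlib, secrets

KEYLEN = 16  # 128-bit session key, the size IDEA uses

def keypair(a, b, e=65537):
    """Toy textbook RSA from Mersenne primes 2^a-1, 2^b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    key_id = hashlib.sha256(str(n).encode()).hexdigest()[:16]  # stand-in keyID
    return {"n": n, "e": e, "id": key_id}, d

def stream(key, data):
    """XOR with a SHA-256 counter keystream (stand-in for IDEA on the body)."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def wrap(pub, sk):
    return pow(int.from_bytes(sk, "big"), pub["e"], pub["n"])

def unwrap(pub, d, wrapped):
    return pow(wrapped, d, pub["n"]).to_bytes(KEYLEN, "big")

def encrypt(body, recipients):
    """One body encryption; one wrapped session key per recipient keyID."""
    sk = secrets.token_bytes(KEYLEN)
    return {"keys": {r["id"]: wrap(r, sk) for r in recipients},
            "body": stream(sk, body)}

def explode(msg, list_pub, list_d, members):
    """List server: recover only the session key, re-wrap it per member.
    The body ciphertext is copied through and never decrypted here."""
    sk = unwrap(list_pub, list_d, msg["keys"][list_pub["id"]])
    return {"keys": {m["id"]: wrap(m, sk) for m in members}, "body": msg["body"]}

def decrypt(msg, pub, d):
    return stream(unwrap(pub, d, msg["keys"][pub["id"]]), msg["body"])

# Constructed keys: the list exploder and two subscribers.
LIST_PUB, LIST_D = keypair(89, 107)
ALICE_PUB, ALICE_D = keypair(89, 127)
BOB_PUB, BOB_D = keypair(107, 127)

if __name__ == "__main__":
    inbound = encrypt(b"meeting moved to Thursday", [LIST_PUB])
    outbound = explode(inbound, LIST_PUB, LIST_D, [ALICE_PUB, BOB_PUB])
    print(sorted(outbound["keys"]))  # recipients appear only as keyIDs
    print(decrypt(outbound, BOB_PUB, BOB_D))
```

The outbound message carries the same body bytes as the inbound one and identifies recipients only by keyID, so the server does N key wraps and no body decryption.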