On Tue, Feb 20, 2001 at 04:27:49PM +0000, Rachel Willmer wrote:
The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then).
so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.
What's your threat model? It's significantly more difficult for an attacker to capture packets on the wire than is is for them to capture them on the sending server, an interim mail server or on the client. But doing a web based secure-server would require that the mail be in the clear on the server (well, you could encrypt it, but you'd have to automatically decrypt it to display it to each client, so you'd have to have the key somewhere where the OS can read it at any time... which makes it effectively in the clear). So an attacker could get the entire list's worth of traffic from the server. Requiring incoming mail to be encrypted to the server, then decrypting it and re-encrypting to each recipient (as Joseph Ashwood) suggested) would mean that there are potentially only a few messages in the clear on the server at any one time. To get a significant portion of the list's traffic, an attacker would have to subvert the server in some way such that it gets plaintext copies of the messages for a period of time. It'd be easier for the attacker to simply subscribe to the list... which leads me to my next point- how will you prevent attackers from subscribing to the list? Even with a perfect encrypted mailing list, the attacker can simply subscribe. One list that I have been on prevents attackers from subscribing by having current members vouch for a potential new member, preferably after having met them in real life. However, it'd be easy for someone with the time and inclination to impersonate an on-line persona during a real-space meeting. (for instance, in a lot of places I could pass myself off as Tim May, famous cypherpunk. Someone less public would be much easier. For that matter, if you met me, how would you know that I'm really Eric Murray?). It's enough for this one list, but the attackers have only limited time and resources to put into their attack. So if your threat model includes spys who would put effort into subscribing to the list to spy on it's activities, then there's not much use to encrypting the traffic-- it'll be read by the enemy anyhow.
ugh.
indeed. -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5