Re: Encrypted lists and ease of use
Where was the information on PGPdomo? That would seem appropriate for the input end, at least. -Allen From: IN%"scs@lokkur.dexter.mi.us" 26-SEP-1996 17:26:10.69 Subj: Encrypted lists and ease of use I'm considering sending someone off to work on a project, but wanted to sanity-check the idea and see if someone already has something similar. Recently I've been involved in a number of small (30 people or less) mailing lists which occasionally use PGP for encrypted mail. The hassle comes when one is encrypting a message to the list. With people coming and going, remembering who is on what list is impossible. We're always having to go back and re-send to someone who was left off of the encryption list. What I propose to do is have a second list, list-encrypted@host, for every list@host. Any mail sent to the list simply goes out in plaintext. List-encrypted is encrypted for everyone on list, then sent to the list with appropriate additional headers. To secure the mail as it travels from the sender to list-encrypted, we want to establish a public key for list-encrypted. All mail to the list *must* travel with the public key or be rejected. When mail arrives at list-encrypted, a deamon will process it. The daemon knows the secret key for -encrypted, and has a list of who is on what list. The daemon strips the -encrypted address, encrypts the message for all on the list. If there are other people on the To: or Cc: fields, the deamon will encrypt for them as well. If any of this fails, the message is sent to as many as possible and notification failure goes back to the original sender indicating who the failures were. The daemon then forwards it to the list real list. It preserves the From: field, but changs `To: list-encrypted' into simply `To: list.' Comments? Generally useful? Beta volunteers? :-) -- "Yea, the heavens shall open and the NP-complete solution given forth. ATT executives shall give birth to two-headed operating systems, and copyrights shall be expunged. The voice of the GNU shall be heard, but the faithless will be without transceivers." -- me
<scs@lokkur.dexter.mi.us> wrote:
Recently I've been involved in a number of small (30 people or less) mailing lists which occasionally use PGP for encrypted mail.
The hassle comes when one is encrypting a message to the list...
Well, let the list server keep track of who is subscribed.
What I propose to do is have a second list, list-encrypted@host, for every list@host...
Why do you need two lists? My server currently hosts a few such lists (for non-profit international technical projects, extended family news, etc.): Subscribers send mail to the list server, PGP-encrypted with the list's public key. The list server decrypts each inbound message with its private key (passphrase entered at reboot). The message may be a message to the list, or a command to the list server. The list server maintains a list of subscribers' public keys and encrypts each list message (or digest, for higher-volume lists) for each subscriber (our lists are small, so we prefer to encrypt mail for one subscriber at a time). Although messages exist temporarily as plain text arrays in the list server, it doesn't maintain an archive of messages. And as with any (semi-)secure server, physical security is an issue. As Allen mentioned, I think PGPdomo handles this, but majordomo is pretty easy to hack up for any variation on this theme... -- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/
Why do you need two lists? My server currently hosts a few such lists (for non-profit international technical projects, extended family news, etc.) . . .
Your solution is exactly what I want to do with the -encrypted list. The reason we want two is that 80-90% of what goes across the list is not sensitive. That kind of thing we want in plaintext for nice tools like grep and glimpse.
Steve Simmons <scs@lokkur.dexter.mi.us> writes:
Your solution is exactly what I want to do with the -encrypted list...
Then grab Majordomo 1.93 from http://www.greatcircle.com/majordomo/, PGPdomo 1.93 from ftp://ftp.jpunix.com/, and make whatever modifications to the Perl code you need to support your dual-list structure, instead of starting from scratch... -- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/
I wrote a perl script for such encrypted list. It works the following way: suppose the list address is somelist@someplace.com. The list owner generates a pgp key with user name equal to "somelist@someplace.com". The public key gets sent to all list participants. The members, in turn, submit their public keys to the maintainer. He lists their email addresses in the "subscribers" file. The perl script gets invoked from procmail. It decodes the incoming message. If an incoming message is not encrypted or cannot be decrypted, the list processor returns it to the sender (this quickly teaches people to do encrypt their messages). The script then encodes the message for each participant and sends it to the recipients. What you need to run it: - Perl 5 - Perl 5 PGP module (it is quite crappy because it does not allow passphrases containing several words) - PGP - premail have fun - Igor.
participants (4)
-
E. Allen Smith -
ichudov@algebra.com -
Roger Williams -
Steve Simmons