On Mon, Feb 19, 2001 at 03:14:56PM +0100, Tom wrote:

one low-tech solution would be using SSL. set up a dedicated machine that talks on smtps, but not on the normal smtp (which makes sure your inbound traffic is encrypted). the listmails are send EXCLUSIVELY to local users, who can read them via an IMAP server which also doesn't allow unencrypted access.

Sympa mailing list software supports S/MIME, which seems to be best encryption standard to protect email delivered to such a heterogenic group of recipients. Sympa http://listes.cru.fr/sympa/ -- Paweł Krawczyk *** home: http://ceti.pl/~kravietz/ security: http://ipsec.pl/ *** fidonet: 2:486/23

The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then). so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server. ugh. rachel --On 20 February 2001 16:20 +0000 Ben Laurie wrote:

Joseph Ashwood wrote:

...

Well it's not an easy way, but it's a functional way. Take the code for GPG and the code for your favorite open-source list server, integrate them so that each mailing list has it's own GPG key, decrypts, reencrypts to the targets (individually so as to avoid having insane sizes for each message) sends, repeat. If you need higher speeds you can compromise of the encrypt to targets by choosing a key periodically, encrypting it to all the targets and holding it to be combined with the header.

Hmm. I'd imagine this would not be too horribly difficult to do with ezmlm (since it already tend to break apart the various steps in the process).

Cheers,

Ben.

-- http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by

----- Original Message ----- From: "Rachel Willmer" To: "Ben Laurie" ; "Joseph Ashwood" Cc: ; ; Sent: Tuesday, February 20, 2001 10:27 AM Subject: Re: FAQ? how to set up a cross-platform encrypted mailing list/forum then).

so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.

So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do. Joe

On Tue, 20 Feb 2001, Joseph Ashwood wrote:

...

So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do. Really? Provide a reference to such an algorithm? Actually considering that the reference was for PGP encrypted messages, which have known characteristics. They decrypt, and since we also have complete control over the requirements, you can require signatures. What are

----- Original Message ----- From: "Jim Choate" the odds that an arbitrary message will have a verifiable PGP signature attached? As well as appropriate formatting for decryption? That's one of the beauties of formatting, we know exactly what it should look like, give or take the middle parts. Joe

On Wed, 21 Feb 2001, Tom wrote:

check back in the archives, early october last year. you'll find an extensive discussion and several posted algorithms which - while not perfect - should work well enough, especially in the kind of controlled, closed environment that the original poster is working with.

Which of the three list archives? I'm subscribers to all three of the major lists you sent this to and NONE of them (especially if you're talking about the moronic discussion on cypherpunks from a couple of months ago - where NOTHING, especially no working algorithms were discussed) have ever demonstrated a single algorithm that can decide if an arbitrary block of symbols is encrypted or not (unless of course you know a priori by pre-defining it, which isn't the same problem as you describe at all). Ah, now you change the rules of the game with 'controlled environment'. That wasnt' in your first description. I told you there was no such algorithm. ps shooting the can-sat down isn't the point, and to answer your question, a lot more than it costs to put them up there. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Thu, 22 Feb 2001, Tom wrote:

you are the one missing the point by about, uh, the size of mexico. the original poster of this thread had a specific problem. it doesn't matter

Which didn't include a priori encryption specifications. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Wed, 21 Feb 2001, David Honig wrote:

1. look for appropriate headers and/or 2. convert to binary and measure the entropy of the sample. Nothing written by human hand comes close to pure noise.

But the orginal problem placed no constraints on the encryption used by the source. Not being a 'human' language is not sufficient to prove it is encrypted, nor is it equivalent to the original problem. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

On Tue, Feb 20, 2001 at 04:27:49PM +0000, Rachel Willmer wrote:

The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then).

so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.

What's your threat model? It's significantly more difficult for an attacker to capture packets on the wire than is is for them to capture them on the sending server, an interim mail server or on the client. But doing a web based secure-server would require that the mail be in the clear on the server (well, you could encrypt it, but you'd have to automatically decrypt it to display it to each client, so you'd have to have the key somewhere where the OS can read it at any time... which makes it effectively in the clear). So an attacker could get the entire list's worth of traffic from the server. Requiring incoming mail to be encrypted to the server, then decrypting it and re-encrypting to each recipient (as Joseph Ashwood) suggested) would mean that there are potentially only a few messages in the clear on the server at any one time. To get a significant portion of the list's traffic, an attacker would have to subvert the server in some way such that it gets plaintext copies of the messages for a period of time. It'd be easier for the attacker to simply subscribe to the list... which leads me to my next point- how will you prevent attackers from subscribing to the list? Even with a perfect encrypted mailing list, the attacker can simply subscribe. One list that I have been on prevents attackers from subscribing by having current members vouch for a potential new member, preferably after having met them in real life. However, it'd be easy for someone with the time and inclination to impersonate an on-line persona during a real-space meeting. (for instance, in a lot of places I could pass myself off as Tim May, famous cypherpunk. Someone less public would be much easier. For that matter, if you met me, how would you know that I'm really Eric Murray?). It's enough for this one list, but the attackers have only limited time and resources to put into their attack. So if your threat model includes spys who would put effort into subscribing to the list to spy on it's activities, then there's not much use to encrypting the traffic-- it'll be read by the enemy anyhow.

ugh.

indeed. -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5

At 10:36 AM -0800 on 2/22/01, Sameer Parekh wrote:

yet another reason I'm not in the crypto/security industry anymore.

That and a possible non-compete agreement with Red-Hat? ;-). Cheers, RAH Who just remembered that Doug Barnes is now in the *head-hunting* business, of all things, though I would believe that they're actually both tired of the thrash... -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'