FAQ? how to set up a cross-platform encrypted mailing list/forum
This might be a FAQ. Or it might just be a question with a really obvious answer that I can't see for looking. How can I set up a mailing list or online forum with encrypted traffic? The clients are varied platforms: Win98, WinNT, OpenBSD, FreeBSD. I thought about tweaking the listserver to send out encrypted mails. But that doesn't help the inbound traffic. I thought about using some online forum. But the only one I can find which looks to make any mention of the word security is Groove. Which is Windows only. I thought about setting up a VPN between the various mailservers. But we'd have to secure all the MX hosts to be sure, and some of them aren't adminstratively accessible by me. and anyway one of the potential users uses a public ISP, so um, help! is this a FAQ with no answer? or is this a question with an answer so obvious I'll blush when I'm told what it is... All suggestions welcome... Rachel
Rachel Willmer wrote:
How can I set up a mailing list or online forum with encrypted traffic?
I don' think there's an out-of-the-box solution for this one so far. if there is, I'd be very interested in it myself. one low-tech solution would be using SSL. set up a dedicated machine that talks on smtps, but not on the normal smtp (which makes sure your inbound traffic is encrypted). the listmails are send EXCLUSIVELY to local users, who can read them via an IMAP server which also doesn't allow unencrypted access. of course, that may not be feasable if you're talking about an open forum, where readers come and go all the time, but you sounded like you had a more closed target audience.
On Mon, Feb 19, 2001 at 03:14:56PM +0100, Tom wrote:
one low-tech solution would be using SSL. set up a dedicated machine that talks on smtps, but not on the normal smtp (which makes sure your inbound traffic is encrypted). the listmails are send EXCLUSIVELY to local users, who can read them via an IMAP server which also doesn't allow unencrypted access.
Sympa mailing list software supports S/MIME, which seems to be best encryption standard to protect email delivered to such a heterogenic group of recipients. Sympa http://listes.cru.fr/sympa/ -- Paweł Krawczyk *** home: <http://ceti.pl/~kravietz/> security: <http://ipsec.pl/> *** fidonet: 2:486/23
At 01:34 PM 2/19/01 +0000, Rachel Willmer wrote:
How can I set up a mailing list or online forum with encrypted traffic?
Simplest way: forward only pgp encrypted email. All correspondents must have picked up the public keys of any poster. ....... "What company did you say you were from, Mr. Hewlett?" ---Walt Disney to Bill Hewlett eetimes 22.01.01 p 32
Well it's not an easy way, but it's a functional way. Take the code for GPG and the code for your favorite open-source list server, integrate them so that each mailing list has it's own GPG key, decrypts, reencrypts to the targets (individually so as to avoid having insane sizes for each message) sends, repeat. If you need higher speeds you can compromise of the encrypt to targets by choosing a key periodically, encrypting it to all the targets and holding it to be combined with the header. I would recommend against an S/MIME solution. S/MIME has a great many weak solutions, and take a lot of work before it's really ready for secure purposes. Joe
Joseph Ashwood wrote:
Well it's not an easy way, but it's a functional way. Take the code for GPG and the code for your favorite open-source list server, integrate them so that each mailing list has it's own GPG key, decrypts, reencrypts to the targets (individually so as to avoid having insane sizes for each message) sends, repeat. If you need higher speeds you can compromise of the encrypt to targets by choosing a key periodically, encrypting it to all the targets and holding it to be combined with the header.
Hmm. I'd imagine this would not be too horribly difficult to do with ezmlm (since it already tend to break apart the various steps in the process). Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then). so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server. ugh. rachel --On 20 February 2001 16:20 +0000 Ben Laurie <ben@algroup.co.uk> wrote:
Joseph Ashwood wrote:
Well it's not an easy way, but it's a functional way. Take the code for GPG and the code for your favorite open-source list server, integrate them so that each mailing list has it's own GPG key, decrypts, reencrypts to the targets (individually so as to avoid having insane sizes for each message) sends, repeat. If you need higher speeds you can compromise of the encrypt to targets by choosing a key periodically, encrypting it to all the targets and holding it to be combined with the header.
Hmm. I'd imagine this would not be too horribly difficult to do with ezmlm (since it already tend to break apart the various steps in the process).
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
On Tue, 20 Feb 2001, Rachel Willmer wrote:
The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then).
Then have it do a dictionary search on a text, have it randomly pick 10 'words' as delimited by spaces. Do a dictionary search, if they're there it PROBABLY isn't encrypted.
so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.
So, how does swapping a http for a smtpd effect clear text submissions and re-transmission (helping known text attacks)? ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by
----- Original Message ----- From: "Rachel Willmer" <rachel@intertrader.com> To: "Ben Laurie" <ben@algroup.co.uk>; "Joseph Ashwood" <ashwood@msn.com> Cc: <cypherpunks@cyberpass.net>; <coderpunks@toad.com>; <cryptography@c2.net> Sent: Tuesday, February 20, 2001 10:27 AM Subject: Re: FAQ? how to set up a cross-platform encrypted mailing list/forum then).
so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.
So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do. Joe
On Tue, 20 Feb 2001, Joseph Ashwood wrote:
So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do.
Really? Provide a reference to such an algorithm? Determining if a arbitrary message is encrypted using some arbitrary algorithm is identical to language translation, a poorly understood operation at best. The best I've seen so far is to take random space delimited samples of the text and determine if they fit a particular language dictionary. If they don't fit then it is more likely to be encrypted. That's still a long way from your claim. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Tue, 20 Feb 2001, Joseph Ashwood wrote:
So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do. Really? Provide a reference to such an algorithm? Actually considering that the reference was for PGP encrypted messages, which have known characteristics. They decrypt, and since we also have complete control over the requirements, you can require signatures. What are
----- Original Message ----- From: "Jim Choate" <ravage@ssz.com> the odds that an arbitrary message will have a verifiable PGP signature attached? As well as appropriate formatting for decryption? That's one of the beauties of formatting, we know exactly what it should look like, give or take the middle parts. Joe
Jim Choate wrote:
So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do.
Really? Provide a reference to such an algorithm?
check back in the archives, early october last year. you'll find an extensive discussion and several posted algorithms which - while not perfect - should work well enough, especially in the kind of controlled, closed environment that the original poster is working with.
On Wed, 21 Feb 2001, Tom wrote:
check back in the archives, early october last year. you'll find an extensive discussion and several posted algorithms which - while not perfect - should work well enough, especially in the kind of controlled, closed environment that the original poster is working with.
Which of the three list archives? I'm subscribers to all three of the major lists you sent this to and NONE of them (especially if you're talking about the moronic discussion on cypherpunks from a couple of months ago - where NOTHING, especially no working algorithms were discussed) have ever demonstrated a single algorithm that can decide if an arbitrary block of symbols is encrypted or not (unless of course you know a priori by pre-defining it, which isn't the same problem as you describe at all). Ah, now you change the rules of the game with 'controlled environment'. That wasnt' in your first description. I told you there was no such algorithm. ps shooting the can-sat down isn't the point, and to answer your question, a lot more than it costs to put them up there. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
(receipient list snipped) Jim Choate wrote:
check back in the archives, early october last year. you'll find an extensive discussion and several posted algorithms which - while not perfect - should work well enough, especially in the kind of controlled, closed environment that the original poster is working with.
Which of the three list archives?
my fault. cypherpunks.
I'm subscribers to all three of the major lists you sent this to and NONE of them (especially if you're talking about the moronic discussion on cypherpunks from a couple of months ago - where NOTHING, especially no working algorithms were discussed) have ever demonstrated a single algorithm that can decide if an arbitrary block of symbols is encrypted or not (unless of course you know a priori by pre-defining it, which isn't the same problem as you describe at all).
you are the one missing the point by about, uh, the size of mexico. the original poster of this thread had a specific problem. it doesn't matter if an algorithm satisfies some arbitrary and, to be brutally honest, mental-masturbation definition of perfect cryptography detection. incidently, since he is working in a closed environment and CAN dictate the crypto to be used (within limits, such as the requirement that the software for it be available on all used platforms), the very requirement you mention as the critical is in fact not only uncritical, but not even a problem.
Ah, now you change the rules of the game with 'controlled environment'. That wasnt' in your first description. I told you there was no such algorithm.
you should really go back and read the thread with this subject line from the very beginning. we are NOT talking about any pipe-dream "detects any imaginable form of crypto" algorithm, which I will agree can not exist. this thread is about a very specific problem and possible solutions.
On Thu, 22 Feb 2001, Tom wrote:
you are the one missing the point by about, uh, the size of mexico. the original poster of this thread had a specific problem. it doesn't matter
Which didn't include a priori encryption specifications. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
At 12:11 AM 2/21/01 -0600, Jim Choate wrote:
On Tue, 20 Feb 2001, Joseph Ashwood wrote:
So you write it so that unencrypted e-mail simply will be bounced. Simple enough to do.
Really? Provide a reference to such an algorithm? Determining if a
1. look for appropriate headers and/or 2. convert to binary and measure the entropy of the sample. Nothing written by human hand comes close to pure noise. This counters trivial spam and would prevent unintentional cleartext transmissions. Are we assuming that participants have some interest in keeping the threads confidential? Or some of them malicious?
On Wed, 21 Feb 2001, David Honig wrote:
1. look for appropriate headers and/or 2. convert to binary and measure the entropy of the sample. Nothing written by human hand comes close to pure noise.
But the orginal problem placed no constraints on the encryption used by the source. Not being a 'human' language is not sufficient to prove it is encrypted, nor is it equivalent to the original problem. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
At 05:58 PM 2/21/01 -0600, Jim Choate wrote:
On Wed, 21 Feb 2001, David Honig wrote:
1. look for appropriate headers and/or 2. convert to binary and measure the entropy of the sample. Nothing
written
by human hand comes close to pure noise.
But the orginal problem placed no constraints on the encryption used by the source.
I don't think the original poster intended rot13 to be acceptable. And this would be caught: plaintext ciphered with the former won't pass the entropy test. I like the idea, suggested by someone else, of checking digital signatures on the encrypted msgs since this can authenticate the crypto tool also, assuring that rot13 or DES isn't used. Though its more work for Mr. SMTP Host than simply measuring entropy. ....... "What company did you say you were from, Mr. Hewlett?" ---Walt Disney to Bill Hewlett eetimes 22.01.01 p 32
On Tue, Feb 20, 2001 at 04:27:49PM +0000, Rachel Willmer wrote:
The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then).
so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.
What's your threat model? It's significantly more difficult for an attacker to capture packets on the wire than is is for them to capture them on the sending server, an interim mail server or on the client. But doing a web based secure-server would require that the mail be in the clear on the server (well, you could encrypt it, but you'd have to automatically decrypt it to display it to each client, so you'd have to have the key somewhere where the OS can read it at any time... which makes it effectively in the clear). So an attacker could get the entire list's worth of traffic from the server. Requiring incoming mail to be encrypted to the server, then decrypting it and re-encrypting to each recipient (as Joseph Ashwood) suggested) would mean that there are potentially only a few messages in the clear on the server at any one time. To get a significant portion of the list's traffic, an attacker would have to subvert the server in some way such that it gets plaintext copies of the messages for a period of time. It'd be easier for the attacker to simply subscribe to the list... which leads me to my next point- how will you prevent attackers from subscribing to the list? Even with a perfect encrypted mailing list, the attacker can simply subscribe. One list that I have been on prevents attackers from subscribing by having current members vouch for a potential new member, preferably after having met them in real life. However, it'd be easy for someone with the time and inclination to impersonate an on-line persona during a real-space meeting. (for instance, in a lot of places I could pass myself off as Tim May, famous cypherpunk. Someone less public would be much easier. For that matter, if you met me, how would you know that I'm really Eric Murray?). It's enough for this one list, but the attackers have only limited time and resources to put into their attack. So if your threat model includes spys who would put effort into subscribing to the list to spy on it's activities, then there's not much use to encrypting the traffic-- it'll be read by the enemy anyhow.
ugh.
indeed. -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5
It's quite funny that everyone completely missed the point of your original email. Not a surprise though. yet another reason I'm not in the crypto/security industry anymore.
The problem I see with doing this, is that it doesn't stop someone absent-mindedly sending out an unencrypted mail to the list server. Which then will travel happily in the clear over the Internet to the list server, (where it gets encrypted and sent back out again but its too late by then).
so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.
ugh.
rachel
-- sameer
At 10:36 AM -0800 on 2/22/01, Sameer Parekh wrote:
yet another reason I'm not in the crypto/security industry anymore.
That and a possible non-compete agreement with Red-Hat? ;-). Cheers, RAH Who just remembered that Doug Barnes is now in the *head-hunting* business, of all things, though I would believe that they're actually both tired of the thrash... -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
On Tue, 20 Feb 2001, Rachel Willmer wrote:
so I'm coming round to the idea that the only way to do this is via a web-driven interface on a secure server.
Yep, the sad truth is that encrypted mail products just aren't very usable right now. -Bram Cohen "Markets can remain irrational longer than you can remain solvent" -- John Maynard Keynes
You may want to check out the Shibboleth Project ( http;//www.interhack.net/projects/shibboleth/ ). It's a listserv type system that focuses on privacy and security. Matt has the code, but hasn't officially released it since there are still some feature bugs. However, it does have full PGP support for encryption and digital sig's. Of course, that makes overhead on the host processor daunting. Check out the paper there, and if you're interested you can shoot him email. Rachel Willmer writes:
This might be a FAQ. Or it might just be a question with a really obvious answer that I can't see for looking.
How can I set up a mailing list or online forum with encrypted traffic?
The clients are varied platforms: Win98, WinNT, OpenBSD, FreeBSD.
I thought about tweaking the listserver to send out encrypted mails. But that doesn't help the inbound traffic.
I thought about using some online forum. But the only one I can find which looks to make any mention of the word security is Groove. Which is Windows only.
I thought about setting up a VPN between the various mailservers. But we'd have to secure all the MX hosts to be sure, and some of them aren't adminstratively accessible by me. and anyway one of the potential users uses a public ISP,
so um, help! is this a FAQ with no answer? or is this a question with an answer so obvious I'll blush when I'm told what it is...
All suggestions welcome... Rachel
Why not a web-based email/discussion forum over SSL? Or does "encrypted traffic" mean you want it encrypted as it sits around in various places, and not just while it's in-transit. /r$
participants (14)
-
Ben Laurie -
Bram Cohen -
D. Clyde Williamson -
David Honig -
Eric Murray -
Jim Choate -
Jim Choate -
Joseph Ashwood -
Pawel Krawczyk -
R. A. Hettinga -
Rachel Willmer -
Rich Salz -
Sameer Parekh -
Tom