Re: (fwd) "Will You Be a Terrorist?"
In a post to <cypherpunks@toad.com>, cactus@bb.com (L. Todd Masco) wrote:
Now, this won't give protection from traffic analysis; In was suggestion, I was really blurring two seperate lines of thought (I'm interested in PGPified mailing list software for content-hiding reasons; I'm trying to set up a "distributed business" that I'd like to keep secure). Also, though, I'm not sure I want to count on anonymous remailers being available. If people want to effectively "chain" them, that's fine.
I don't see how using PGPified mailing lists help at all (with the assumtion that anyone can subscribe). I mean, anyone can simply subscribe to the list and then read all of the traffic. What's the point? Anyways... I *can*, however, see the use of using PGP encryption for mailing list submissions, expecially combined with an aliasing feature. (i.e. the mailing list has a key pair, and people send mail to it). Possibly even accepting something like the cypherpunk remailer format (i.e.: :: anon-post-from: bob etc... ). This, however, *might* be going to far for some people's comfort, because it would allow *COMPLETELY* untraceable posts (depending on the security of the site, but that's another issue). You can do other remailer-type traffic analysis defeaters like sending out the posts in random order at fixed intervals, etc.
- What I want (for other purposes) is a mailing list that has its own public key; Material is encrypted to it, it decrypts it, and then the material is encrypted with each recipient's public key (I'm assuming a PGP base here). Probably simply to do, but has anybody done it? No pretense of protection from traffic analysis here: just to keep prying 3rd parties' eyes off it.
See above. Also, a couple problems with encrypting it to each person on the list is that it takes: #1 Space for all of the keys #2 Time to encrypt EACH message to each person Both of which quickly become a problem on high-volume lists such as cypherpunks. Also, it requires that EVERYONE use PGP if they want to read the list. This, I believe, is an unacceptable requirement. --- jonathan@memex.com PGP 2.6 key available. Fingerprint: (Jonathan Adams) 40 27 43 E0 5C 20 66 0E EE 8C 10 9F EC 40 78 6A (revoked!) A5 77 E9 28 88 DD B7 D4 9C 8C F9 D5 D8 3F 45 BE (new! 1024 bit)
In article <9409180700.AA09412@memexis.memex.com>, Jonathan Adams <jonathan@memex.com> wrote:
In a post to <cypherpunks@toad.com>, cactus@bb.com (L. Todd Masco) wrote:
(I'm interested in PGPified mailing list software for content-hiding reasons; I'm trying to set up a "distributed business" that I'd like to keep secure). Also, though, I'm not sure I want to count
I don't see how using PGPified mailing lists help at all (with the assumtion that anyone can subscribe). I mean, anyone can simply subscribe to the list and then read all of the traffic. What's the point? Anyways...
Wrong assumption: I'm interested in this for private lists, to which a small, stable number of people are subscribed. Hope that helps elucidate a bit more... -- L. Todd Masco | "A man would simply have to be as mad as a hatter, to try and cactus@bb.com | change the world with a plastic platter." - Todd Rundgren
participants (2)
-
cactus@bb.com -
jonathan@memex.com