Perry re-started this mailing list in response to the Snowden revelations about the NSA's attacks on Internet cryptography. He raised the questions of whether we could make a Prism-proof Internet. That's a big problem, and we've been debating small pieces of it ever since. I'd like to suggest a smaller problem, just as a kind of rallying point. This list has certainly attracted NSA interest. Whether by subject, by keyword matching, or because so many of the participants here are clearly "adversaries" of those in the NSA responsible for gaining access to all that crunchy good stuff out there, there's no way anyone here could avoid scrutiny. So ... imagine we don't like that. How could this list be constituted in a "secure" way? The quotes are on "secure" because even the definition of the word isn't clear. Realistically, there's no way to avoid an NSA "plant" joining an open group, so perhaps there's little point in encrypting the messages. Anonymous/pseudonymous posting? Signed messages? (A few members post them; hardly any of us do.) Does that just make messages even more traceable/linkable? We think we know what it means to have secure 1-1 email. Adding a couple of additional participants seems as if it leaves the nature of the problem unchanged, but in fact you very quickly get into trust issues: In a 1-1 conversation, I can decide whether to trust my correspondent. In any multi-party conversation, it's likely that at least one of the participants doesn't know *all* the others, so must make an indirect trust decision: I trust him because the others here seem to trust him. For a mailing list, this problem explodes - while in addition there are all kinds of issue with how exactly to set up key exchanges. A moderated group like this could be looked at as a star configuration: In a way, each participant really only communicates with the moderator. But that seems to miss the point - despite the moderation, this group *feels* like a free-flowing conversation among a group of people. So what would a reasonable security model for the Cryptography list look like? Is it inherently just an open discussion? Or could we come up with something else? If we can do more, what kind of software would be needed to make it as free-flowing and easy to participate in and manage as the current list? -- Jerry _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography