Hi, I would like to share some of my thoughts about encrypting messages on mailing lists. I think that it would be really great if Mailman (and other mailing list applications) would support encryption. When a user registers to a mailing list he or she should send his/her public GPG key to the Mailman server. He/she would then receive the public GPG key of the mailing list. All mail sent to the list should then be encrypted (recipient is the mailing list address and the user has its public GPG key). The mailing list would then decrypt it, and deliver that message to its users encrypted and signed.
That approach would resolve several problems:
- user would know that messages are really coming from the mailing list (no impersonation here);
- no spam anymore (or at least much less spam) - registered users would need to send encrypted e-mails to the mailing list, all other messages will be dropped;
- messages are sent to the user in encrypted form (regardless of whether the mail archive is public or not) - prevents eavesdropping in public places for instance;
- messages stored in the user's mailbox are encrypted (this could be important in some countries - don't forget border crossing!). Even if the mailing list archive is public, this prevents automatic forensic tools from getting useful information from seized disks;
- if the mailing list is not public, messages in an archive are really safe (remember the quintessenz and NSA mailing list archive story? :-> );
- if the mailing list is public, messages in the archive are still signed and their integrity could be checked;
- this would promote encryption in several ways: users would be "forced" to use encryption and users would get familiar with encryption;
- and this is also important: more e-mail traffic would be encrypted by default - that makes all of us who use encryption safer. Remember: NSA thinks that everybody using encryption should automatically become a target of broader surveillance - let's overload them.
I believe we should ask Mailman developers to include that functionality in the future releases. What do you think? Regards, Matej
Quoting Matej Kovacic (2013-08-21 09:49:13)
All mail sent to the list should then be encrypted (recipient is mailing list address and user has its public GPG key). Mailing list would then decrypt it, and deliver that message to its users encrypted and signed.
There is already a mailing list software that does that: https://schleuder2.nadir.org/
I believe we should ask Mailman developers to include that functionality in the future releases.
With mailman3 it will become pretty easy to create plugins; I guess much of what you say could be done by a plugin. But mailman3 is taking ages to finish.
-- Rubén Pollán | http://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
On Wednesday, 21 August 2013 10:39:50, Ruben Pollan writes:
Quoting Matej Kovacic (2013-08-21 09:49:13)
All mail sent to the list should then be encrypted (recipient is mailing list address and user has its public GPG key). Mailing list would then decrypt it, and deliver that message to its users encrypted and signed.
There is already a mailing list software that does that: https://schleuder2.nadir.org/
Also, I believe Sympa can handle that: https://www.sympa.org/
We have Sympa running our mailing lists at my job, I'll try to test/verify that.
-- Regards, rysiek
On Wed, Aug 21, 2013 at 6:43 AM, rysiek <rysiek@hackerspace.pl> wrote:
On Wednesday, 21 August 2013 10:39:50, Ruben Pollan writes:
Quoting Matej Kovacic (2013-08-21 09:49:13)
All mail sent to the list should then be encrypted (recipient is mailing list address and user has its public GPG key). Mailing list would then decrypt it, and deliver that message to its users encrypted and signed.
There is already a mailing list software that does that: https://schleuder2.nadir.org/
Also, I believe Sympa can handle that: https://www.sympa.org/
What's the point of encrypting the output of a mailing list to which anyone can subscribe?
-jp
-- Jeffrey Paul +1-312-361-0355 5539 AD00 DE4C 42F3 AFE1 1575 0524 43F4 DF2A 55C2
On 21.08.2013, at 12:05, grarpamp <grarpamp@gmail.com> wrote:
On Wed, Aug 21, 2013 at 6:43 AM, rysiek <rysiek@hackerspace.pl> wrote:
On Wednesday, 21 August 2013 10:39:50, Ruben Pollan writes:
Quoting Matej Kovacic (2013-08-21 09:49:13)
All mail sent to the list should then be encrypted (recipient is mailing list address and user has its public GPG key). Mailing list would then decrypt it, and deliver that message to its users encrypted and signed.
There is already a mailing list software that does that: https://schleuder2.nadir.org/
Also, I believe Sympa can handle that: https://www.sympa.org/
Worse, why limit a cypherpunks list to only those who use encryption? Several of the cpunks' bastard offsprings set up their own gated communities, unable to put up with those who ridiculed their advocacy of really really opinionated discussion of the glories of crypto.
What has been learned since early days of cypherpunks is that all encryption is faulty and survives on willing suspension of disbelief. Not the math, oh never, which is as infallible as the Pope and Muhammad, it's the disbelievers in other people's faith-based communities and who are dedicated to finding faults over there to divert attention from those in here.
Still, even back then, encrypted messages were posted by enthusiasts. Nobody answered, many said get the fuck out.
At 12:20 PM 8/21/2013, you wrote:
What's the point of encrypting the output of a mailing list to which anyone can subscribe?
-jp
-- Jeffrey Paul +1-312-361-0355 5539 AD00 DE4C 42F3 AFE1 1575 0524 43F4 DF2A 55C2
I think there is probably more value in signed mailing lists than encrypted. If it is encrypted, and the process is anything less than absolutely seamless and transparent, it is likely to drive away a large fraction of the readers. I hardly have time to read or respond to the messages as it is. Add even a few seconds per message and I would drop out.
-Lance
-- Lance Cottrell loki@obscura.com
On Aug 21, 2013, at 9:49 AM, John Young <jya@pipeline.com> wrote:
Worse, why limit a cypherpunks list to only those who use encryption? Several of the cpunks' bastard offsprings set up their own gated communities, unable to put up with those who ridiculed their advocacy of really really opinionated discussion of the glories of crypto.
What has been learned since early days of cypherpunks is that all encryption is faulty and survives on willing suspension of disbelief. Not the math, oh never, which is as infallible as the Pope and Muhammad, it's the disbelievers in other people's faith-based communities and who are dedicated to finding faults over there to divert attention from those in here.
Still, even back then, encrypted messages were posted by enthusiasts. Nobody answered, many said get the fuck out.
At 12:20 PM 8/21/2013, you wrote:
What's the point of encrypting the output of a mailing list to which anyone can subscribe?
-jp
-- Jeffrey Paul +1-312-361-0355 5539 AD00 DE4C 42F3 AFE1 1575 0524 43F4 DF2A 55C2
This assumes the value stays about where it is.
-Lance
-- Lance Cottrell loki@obscura.com
On Aug 21, 2013, at 10:13 AM, Toby St Clere Smithe <mail@tsmithe.net> wrote:
Lance Cottrell <loki@obscura.com> writes:
I hardly have time to read or respond to the messages as it is. Add even a few seconds per message and I would drop out.
Regardless of the value of the content?
I can't imagine trusting enough people that I can't see to necessitate a mailing list. It would certainly be neat, though.
On Thu, Aug 22, 2013 at 11:49 AM, Lance Cottrell <loki@obscura.com> wrote:
This assumes the value stays about where it is.
-Lance
-- Lance Cottrell loki@obscura.com
On Aug 21, 2013, at 10:13 AM, Toby St Clere Smithe <mail@tsmithe.net> wrote:
Lance Cottrell <loki@obscura.com> writes:
I hardly have time to read or respond to the messages as it is. Add even a few seconds per message and I would drop out.
Regardless of the value of the content?
-- "On two occasions I have been asked, 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -Charles Babbage, 19th century English mathematician, philosopher, inventor and mechanical engineer who originated the concept of a programmable computer.
On Thu, Aug 22, 2013 at 09:50:32PM -0400, alex wright wrote:
I can't imagine trusting enough people that I can't see to necessitate a mailing list. It would certainly be neat, though.
Neat but pretty pointless... You not only have to trust in the integrity and commitment to your cause and resistance to blackmail and being turned of each and every member, you ALSO have to trust them to be highly skilled at maintaining the security and integrity of the node they read the messages on. So not only do you need highly trusted and trustworthy folks to communicate with, you need very technically competent and careful ones who will not make mistakes with node security and whose lives and circumstances allow them to take the required precautions. I suspect finding enough of the latter is actually harder than finding enough of the former...
And as for OPEN or PUBLIC mailing lists subject to completely anonymous/pseudonymous or weakly vetted subscription - the purpose of encryption would only seem to be to trap fools. Any serious adversary has the means to clandestinely subscribe nearly untraceably, and if they care most will. And obviously then the encryption only encourages loose talk and carelessness that an open list would tend to suppress.
-- Dave Emery N1PRE/AE, die@dieconsulting.com DIE Consulting, Weston, Mass 02493 "An empty zombie mind with a forlorn barely readable weatherbeaten 'For Rent' sign still vainly flapping outside on the weed encrusted pole - in celebration of what could have been, but wasn't and is not to be now either."
Hi, just a remark to a notice from someone that the problem is trusting the mailing list software - that it is properly encrypting/decrypting messages, etc. Yes, this is a problem of endpoint security, but we have the same problem right now.
Encryption of e-mail in mailing lists would mostly:
- assure transport security from/to a particular user only (remember - mailing list passwords are sent to users unencrypted!)
- promote use of encryption technology
These are in my opinion the most important goals of this idea.
BTW, if someone does not want to use encryption (because he or she has a lot of emails), there should always be an option (for public mailing lists) to decide whether he or she wants to receive plaintext only, encrypted or signed messages. (The point is in choice. :-) )
Regards, Matej
Sure, why not? Why not, you ask. Well, because encryption creates secretkeepers just like official secretkeepers, and it can become an obsession to believe only other secretkeepers and disbelieve those who do not keep secrets. From that a hatred of all-too-trusting openness becomes even more of an enemy. Then the enemy must be demonized and warred against, in secret. However, so long as un-official secretkeeping never turns into protection of an uncontrollable killing machine of those who find secretkeeping abysmally opposed to democracy, then it should be an enjoyable pastime for innocents avoiding their future of really bad shit planned in official secrecy protected by encryption for their use as cannon fodder. Just a reminder that encryption is a munition whose only purpose is to secretly fuck with others. Use it for a game only. Wargamers use it to deceive their murderous intentions. Now cryptoanarchy was always only a game of planning assassination of political secretkeepers, despite official misunderstanding and jailing of Jim Bell and Carl Johnson. And not a few others comically believed that encryption would protect them against really dirty fighters who ignored digital black magic to target signal-emitting OTR chatting warriors yarping strategy on cryptophones. My PGP protects my right to post this rant, right? What, there's a fault in my implementation, you say? Sysadmins of mail lists are official informants, come on, now, that's tinfoil gaming.
On 08/21/2013 03:49 AM, Matej Kovacic wrote:
I think that it would be really great if Mailman (and other mailing list applications) would support encryption. When user will register to mailing list he or she should send his/her public GPG key to the Mailman server. He/she would then receive public GPG key of mailing list.
Not a bad idea.
All mail sent to the list should then be encrypted (recipient is mailing list address and user has its public GPG key). Mailing list would then decrypt it, and deliver that message to its users encrypted and signed.
A given message could be encrypted to the public keys of every recipient of the list - entirely doable. It could even be done with gpg and the -R option (Encrypt to user ID, but hide the key ID). Not that this would particularly help with publicly archived mailing lists because the e-mail addresses of origin would be public (SMTP spoofing as a way of life?)
What do you think?
I think it's an experiment that would generate interesting results. I'd be especially interested in seeing what CPU utilization on the server side is like under varying traffic loads (for better speccing out servers to run such a mailing list).
-- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Meeble! Meeble meeble meeble!
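Matej's relay scheme (subscriber encrypts to the list key, the list decrypts and re-delivers encrypted and signed to each subscriber) and The Doctor's gpg -R remark, put together as an added example that is not code from this thread or from Mailman, Schleuder or Sympa: a POSIX shell gateway function on top of the gpg CLI. It assumes a GNUPGHOME holding only the list's own unprotected secret key plus each subscriber's public key; relay_message, the LIST_UID argument and the one-address-per-line subscriber file are hypothetical names.

```shell
# Added example, not from the thread: a minimal re-encrypting list gateway
# built on the gpg CLI. GNUPGHOME is assumed to hold the list's (unprotected)
# secret key and every subscriber's public key; the names below are made up.
set -eu

# relay_message IN_FILE OUT_DIR LIST_UID SUBSCRIBERS_FILE
#   1. decrypt the inbound mail with the list key; a message that is not
#      encrypted to the list fails here and is dropped (Matej's spam rule);
#   2. re-encrypt the plaintext once per subscriber, signed by the list key,
#      using --hidden-recipient (-R) so the recipient key ID is not on the wire.
# Prints the number of outbound copies written; returns 1 when dropped.
relay_message() {
    in_file=$1; out_dir=$2; list_uid=$3; subscribers=$4
    plain=$(mktemp)
    if ! gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
             --output "$plain" --decrypt "$in_file" 2>/dev/null; then
        rm -f "$plain"
        echo "dropped: not encrypted to the list key" >&2
        return 1
    fi
    n=0
    while IFS= read -r sub; do
        [ -n "$sub" ] || continue
        n=$((n + 1))
        # --trust-model always: the operator vetted the key at subscription time
        gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
            --trust-model always --armor --local-user "$list_uid" \
            --hidden-recipient "$sub" --output "$out_dir/msg-$n.asc" \
            --sign --encrypt "$plain"
    done < "$subscribers"
    rm -f "$plain"
    echo "$n"
}
```

The decrypt step only proves that the sender could encrypt to the list's public key, so on an open-subscription list it filters noise rather than adversaries, which is the objection Jeffrey Paul and Dave Emery raise above.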