FAQ? how to set up a cross-platform encrypted mailing list/forum

Thu Feb 22 08:54:09 PST 2001

On Tue, Feb 20, 2001 at 04:27:49PM +0000, Rachel Willmer wrote:
> The problem I see with doing this, is that it doesn't stop someone 
> absent-mindedly sending out an unencrypted mail to the list server. Which 
> then will travel happily in the clear over the Internet to the list server, 
> (where it gets encrypted and sent back out again but its too late by then).
> 
> so I'm coming round to the idea that the only way to do this is via a 
> web-driven interface on a secure server.
> 

What's your threat model?  It's significantly more difficult for an
attacker to capture packets on the wire than is is for them to capture
them on the sending server, an interim mail server or on the client.
But doing a web based secure-server would require that the mail be in
the clear on the server (well, you could encrypt it, but you'd have to
automatically decrypt it to display it to each client, so you'd have
to have the key somewhere where the OS can read it at any time... which
makes it effectively in the clear).   So an attacker could get the
entire list's worth of traffic from the server.

Requiring incoming mail to be encrypted to the server, then
decrypting it and re-encrypting to each recipient (as Joseph Ashwood)
suggested) would mean that there are potentially only a few messages
in the clear on the server at any one time.  To get a significant
portion of the list's traffic, an attacker would have to
subvert the server in some way such that it gets plaintext copies
of the messages for a period of time.  It'd be easier for the attacker
to simply subscribe to the list...

which leads me to my next point- how will you prevent attackers from
subscribing to the list?  Even with a perfect encrypted mailing list,
the attacker can simply subscribe.  One list that I have been on prevents
attackers from subscribing by having current members vouch for a potential
new member, preferably after having met them in real life.  However,
it'd be easy for someone with the time and inclination to impersonate
an on-line persona during a real-space meeting.  (for instance, in a
lot of places I could pass myself off as Tim May, famous cypherpunk.
Someone less public would be much easier.  For that matter, if you met
me, how would you know that I'm really Eric Murray?).  It's enough
for this one list, but the attackers have only limited time and
resources to put into their attack.

So if your threat model includes spys who would put effort into
subscribing to the list to spy on it's activities, then there's not much
use to encrypting the traffic-- it'll be read by the enemy anyhow.

> ugh.

indeed.

-- 
  Eric Murray           Consulting Security Architect         SecureDesign LLC
  http://www.securedesignllc.com                            PGP keyid:E03F65E5