Re: Mailinglist programs with PGP-encryption?

Jukka E Isosaari (jei@zor.hut.fi)
Tue, 19 Jan 1999 19:19:00 +0200 (EET)

• Next message: Robert Hettinga: "CFP: The Philodox Symposium on Digital Bearer Technology"
• Previous message: EKR: "Re: Why are secure web pages are so !@#$%^&*()_ slow"
• In reply to: Bill Frantz: "Re: Why are secure web pages are so !@#$%^&*()_ slow"
• Next in thread: John Perry: "Re: Mailinglist programs with PGP-encryption?"
• Reply: John Perry: "Re: Mailinglist programs with PGP-encryption?"

On Mon, 18 Jan 1999, Alan Olsen wrote:

> On Jan 15, 4:43pm, Michael Motyka wrote:
>
> > It doesn't sound particularly difficult but I don't get the point - if
> > anyone can subscribe to the list a la majordomo then what's the point of
> > encrypting the mail?
> >
> > You would need to restrict subscription for encryption to make sense.
> > Even then, the larger the list the more likely it is to get infiltrated.
>
> This at least gets rid of the snoops who want to read the list trafic without
> an announced presence. (Be it governments or just nosey sysadmins.)
>
> Just make sure that your mail application supports PGP in some easy to use
> fashion. Otherwise reading such a list becomes a MAJOR chore. (How many times
> do you get to type in your passphrase today?)

Keep the PGP-key without password and store it on a crypted
filesystem. That way, at least when you are the only user &
sysadmin of your computer, you only have to write a key once
per session, and you can feel pretty safe about it. (Assuming
that you notice if the system has been tampered with.) The same
goes for SSH-keys, etc.

> The other problem with pgpdomo is that each message is encrypted once to all
> participants. Therefore you can see all of the keys that the message is
> encrypted to. This can be good and bad. For one thing, you can see if someone
> you do not know is on the list. However some plug-ins for PGP do not deal well
> with 100+ keys on the encryption list and scroll right off the end of the
> screen. ('OK' button and all.)
>
> Something worth striving for, but definitly in the beta stages of usefulness.

Well, this kind of programs seem to be behind the motivation
for Wassenaar Agreement & US lobbying efforts, so I imagine
they give them spooks severe headaches, and that makes this
worth while for me.

Also, keeping a seemingly interesting mailinglist that is open
only to people who can and do use PGP, would seem to be helping
in proliferating it's use to the masses.

PS The PGPdomo doesn't seem to be very widely available at the moment.
(I couldn't find it.) So, I think some mirrors would be helpful.

++ J

• Next message: Robert Hettinga: "CFP: The Philodox Symposium on Digital Bearer Technology"
• Previous message: EKR: "Re: Why are secure web pages are so !@#$%^&*()_ slow"
• In reply to: Bill Frantz: "Re: Why are secure web pages are so !@#$%^&*()_ slow"
• Next in thread: John Perry: "Re: Mailinglist programs with PGP-encryption?"
• Reply: John Perry: "Re: Mailinglist programs with PGP-encryption?"