[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] encrypted mailing lists



Hi,

>         This is virtually a public mailing list. Anybody can join (or read the archives), so there's no point in encrypting anything...
With all respect, but I don't really agree here.

I think that it would be really great if Mailman (and other mailing list
applications) would support encryption. When user will register to
mailing list he or she should send his/her public GPG key to the Mailman
server. He/she would then receive public GPG key of mailing list.

All mail sent to the list should then be encrypted (recipient is mailing
list address and user has it's public GPG key). Mailing list would then
decrypt it, and deliver that message to it's users encrypted and signed.

That approach would resolve several problems:

- user would know that messages are really coming from mailing list (no
impersonation here);

- no spam anymore (or at least much less spam) - registered users would
need to send encrypted e-mails to mailing list, all other messages will
be dropped;

- messages are sent to user in encrypted form (regardless mail archive
is public or not) - prevents eavesdropping on public places for instance;

- messages stored in user's mailbox are encrypted (this could be
important in some countries (don't forget bordercrossing!). Even if
mailing list archive is public, this prevents automatic forensic tools
to get useful information from the seized disks;

- if mailing list is not public messages in an archive are really safe
(remember quintessenz and NSA mailing list archive story? :-> );

- if mailing list is public messages in archive are still signed and
their itegrity could be checked;

- this would promote encryption in several ways: users would be "forced"
to use encryption and users would get familiar with encryption;

- and this is also important: more e-mail traffic would be encrypted by
default - that makes all us who use encryption more safe. Remember: NSA
thinks that everybody using encryption should automatically become a
target od broader surveillance - let's overload them).

I believe we should ask Mailman developers to include that functionality
in the future releases.

What do you think?

Regards,

Matej
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk