[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] encrypted mailing lists



On 08/21/2013 03:44 AM, Matej Kovacic wrote:
> All mail sent to the list should then be encrypted (recipient is mailing
> list address and user has it's public GPG key). Mailing list would then
> decrypt it, and deliver that message to it's users encrypted and signed.

  Well, it may offer some benefit if you (as a subscriber) don't trust
your email provider.  But it's not that useful if you don't trust the
mailing list server. Even if you're sending your mail encrypted to the
server, the server then would need to decrypt it before encrypting it to
the recipients.  It also doesn't protect against someone you don't trust
being added to the mailing list (thereby getting all emails) or someone
on the mailing list sending mails outside or betraying people (which
never happens).

  tl;dr: Might be okay in some threat models, doesn't work in others.
;-)  Good for people who are trying to emphasize the active use of GPG.
People who cross borders frequently are better served by full-disk
encryption.

best,
Griffin

-- 
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: saint@xxxxxxxxxxxxx

My posts, while frequently amusing, are not representative of the thoughts of my employer. 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk