[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] encrypted mailing lists



If you need a truly secure contact method why not run a micro forum and use
SSL instead? You could install LAMP and phpBB and then manually approve
sign ups and use complex permissions.
On Aug 21, 2013 9:31 AM, "Griffin Boyce" <griffinboyce@xxxxxxxxx> wrote:

> On 08/21/2013 03:44 AM, Matej Kovacic wrote:
> > All mail sent to the list should then be encrypted (recipient is mailing
> > list address and user has it's public GPG key). Mailing list would then
> > decrypt it, and deliver that message to it's users encrypted and signed.
>
>   Well, it may offer some benefit if you (as a subscriber) don't trust
> your email provider.  But it's not that useful if you don't trust the
> mailing list server. Even if you're sending your mail encrypted to the
> server, the server then would need to decrypt it before encrypting it to
> the recipients.  It also doesn't protect against someone you don't trust
> being added to the mailing list (thereby getting all emails) or someone
> on the mailing list sending mails outside or betraying people (which
> never happens).
>
>   tl;dr: Might be okay in some threat models, doesn't work in others.
> ;-)  Good for people who are trying to emphasize the active use of GPG.
> People who cross borders frequently are better served by full-disk
> encryption.
>
> best,
> Griffin
>
> --
> "Cypherpunks write code not flame wars." --Jurre van Bergen
> #Foucault / PGP: 0xAE792C97 / OTR: saint@xxxxxxxxxxxxx
>
> My posts, while frequently amusing, are not representative of the thoughts
> of my employer.
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk