Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-04-18 Thread Stephen J. Turnbull
After I wrote most of this, I see Norbert covered some of the same points, but from the point of view of his specific use case. So I'm just going to send despite a bit of redundancy. Rich Kulawiec writes: > Granted, this will diminish as more communications become encrypted, but > for the

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-04-18 Thread Norbert Bollow
On Mon, 17 Apr 2017 19:22:52 -0400 Rich Kulawiec wrote: > On Sun, Mar 19, 2017 at 06:14:22PM +0100, Norbert Bollow wrote: > > That is true, if the attacker already knows whose communications > > they want to snoop on. However one of the main benefits of using > > encrypted

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-04-17 Thread Rich Kulawiec
On Sun, Mar 19, 2017 at 06:14:22PM +0100, Norbert Bollow wrote: > That is true, if the attacker already knows whose communications they > want to snoop on. However one of the main benefits of using encrypted > communications is in the area of making it much more expensive and > politically risky

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-27 Thread Stephen J. Turnbull
Jan Jancar writes: >b) Added complexity, maintenance cost to Mailman's infrastructure. > This can be mitigated by implementing encrypted mailing lists > either as a plugin as was proposed here before, In one sense, a plugin is the ONLY way this feature can be reasonably implemented

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-23 Thread Norbert Bollow
On Wed, 22 Mar 2017 21:15:46 -0400 Barry Warsaw wrote: > Is anybody even aware of any mainstream mobile email readers that > support encryption? One of my friends uses K9 on his Samsung mobile phone; it works fine for him, allowing him to exchange GPG-encrypted emails with me.

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Barry Warsaw
On Mar 23, 2017, at 12:06 AM, Stephen J. Turnbull wrote: >FYI: Encrypted lists *are* occasionally requested. Another possible use case would be attempting to prevent the wholesale compromise of email storage. Meaning, if you keep your email on some external server, and that server is

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Barry Warsaw
On Mar 21, 2017, at 07:27 PM, Stephen J. Turnbull wrote: >Not if the target membership isn't already paranoid. Remember, >20%-40% of devices are already compromised. Even at the low end, >assuming uniform draws, with *three* members odds are *even* that one >is compromised. Is anybody even

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Jan Jancar
On 03/22/2017 04:02 PM, Stephen J. Turnbull wrote: > Also references to existing knowledge would be appreciated, such as > "zero knowledge" schemes that might allow untrusted root on Mailman > host, and the various implementations like SELS that have been > mentioned. In my proposal [1 or 2], I

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Jan Jancar
On 03/22/2017 04:06 PM, Stephen J. Turnbull wrote: > Rich Kulawiec writes: > > > (In the specific case, e.g., the right people using the right > > devices with the right knowledge and self-discipline: maybe. But > > there are not many of those cases and any of them can revert to the > >

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Jan Jancar
On 03/21/2017 11:16 PM, Rich Kulawiec wrote: > On Tue, Mar 21, 2017 at 04:04:20PM +0100, johny wrote: >> Shifting the attacker to actively compromise devices is an overall >> improvement. > > If "compromising devices" was difficult, I might agree. But it's not. > Devices of all descriptions

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Stephen J. Turnbull
Rich Kulawiec writes: > (In the specific case, e.g., the right people using the right > devices with the right knowledge and self-discipline: maybe. But > there are not many of those cases and any of them can revert to the > general case in seconds with one poor decision or perhaps even >

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-22 Thread Stephen J. Turnbull
Richard Damon writes: > One big thing that I haven't seen in the discussion of this problem is > exactly WHAT issue/problem this feature is intended to solve. There are > several different problems that encryption can help with, each needing > different sort of support from the software.

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-21 Thread Rich Kulawiec
On Sun, Mar 19, 2017 at 07:33:24AM -0400, Richard Damon wrote: > I would say that the problem that is being attempted to solve is > fundamentally impossible to do perfectly. It is impossible to distribute > messages in a secure manner to a number of recipients that you don't have > total control

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-21 Thread Rich Kulawiec
On Tue, Mar 21, 2017 at 04:04:20PM +0100, johny wrote: > Shifting the attacker to actively compromise devices is an overall > improvement. If "compromising devices" was difficult, I might agree. But it's not. Devices of all descriptions have been and are being compromised in enormous numbers on

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-21 Thread johny
On 03/18/2017 09:04 PM, Rich Kulawiec wrote: > On Fri, Mar 17, 2017 at 09:54:48AM +1100, Morgan Reed wrote: >> I'd submit that this is tantamount to saying "it's impossible to make a >> 100% secure system so why bother even trying". > > Then you're not grasping my point. Let me try again. > >

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-21 Thread Stephen J. Turnbull
I hope it doesn't surprise anybody that despite being a proponent of this project I'm quite sympathetic to Rich. Barry Warsaw writes: > That assumes an open membership policy. Wouldn't much of this be > mitigated with a closed subscription policy? Not if the target membership isn't already

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-21 Thread Stephen J. Turnbull
Rich Kulawiec writes: > What all of this means is that once a list passes N members, where > we can debate about N, the probability that at least one of those > members has already been compromised even before they've joined the > list starts rapidly increasing. This is true, but you've

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-19 Thread Norbert Bollow
On Sat, 18 Mar 2017 13:54:05 -0400 Rich Kulawiec wrote: > On Thu, Mar 16, 2017 at 08:10:03PM +0100, Norbert Bollow wrote: > > Even if not every device is secure, the difficulty, and likely cost, > > for an attacker to snoop on the communications is much greater for > > an encrypted

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-19 Thread Richard Damon
On 3/18/17 4:37 PM, Rich Kulawiec wrote: On Thu, Mar 16, 2017 at 05:30:36PM -0400, Barry Warsaw wrote: ... It *might* be. The problem is that the list owner and other list members have no way to know. From their point of view, there is no way to know whether the latest list member --

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-18 Thread Rich Kulawiec
On Thu, Mar 16, 2017 at 05:30:36PM -0400, Barry Warsaw wrote: > On Mar 15, 2017, at 09:47 PM, Rich Kulawiec wrote: > > >What all of this means is that once a list passes N members, where > >we can debate about N, the probability that at least one of those > >members has already been compromised

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-18 Thread Rich Kulawiec
On Fri, Mar 17, 2017 at 09:54:48AM +1100, Morgan Reed wrote: > I'd submit that this is tantamount to saying "it's impossible to make a > 100% secure system so why bother even trying". Then you're not grasping my point. Let me try again. I suggest that you re-read what I've written *and*

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-18 Thread Rich Kulawiec
On Thu, Mar 16, 2017 at 08:10:03PM +0100, Norbert Bollow wrote: > Even if not every device is secure, the difficulty, and likely cost, > for an attacker to snoop on the communications is much greater for an > encrypted mailing list than for a non-encrypted one. The difficulty is greater -- but

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-16 Thread Morgan Reed
On Thu, Mar 16, 2017 at 12:47 PM, Rich Kulawiec wrote: > I think that this is an instance where a huge amount of well-intended > design and development effort will result in a "solution" that cannot > provide what it intends to because underlying circumstances prevent it. > And --

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-16 Thread Barry Warsaw
On Mar 15, 2017, at 09:47 PM, Rich Kulawiec wrote: >What all of this means is that once a list passes N members, where >we can debate about N, the probability that at least one of those >members has already been compromised even before they've joined the >list starts rapidly increasing. That

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-16 Thread Norbert Bollow
On Thu, 16 Mar 2017 10:46:27 -0400 Rich Kulawiec wrote: > I suggest that Mailman do nothing, because even if it solves all the > problems that it can solve, all it will do is provide a thin veneer of > security/privacy on top of a thoroughly rotten foundation. Yes, there > will be

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-16 Thread Rich Kulawiec
On Wed, Mar 15, 2017 at 11:31:44PM -0500, J.B. Nicholson wrote: > I understand there are more insecure devices on the Internet all the time > and that's unfortunate, but I don't think it's avoidable. What do you > suggest we do about this using Mailman (since this is Mailman-developers)? I

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-15 Thread J.B. Nicholson
Rich Kulawiec wrote: What all of this means is that once a list passes N members, where we can debate about N, the probability that at least one of those members has already been compromised even before they've joined the list starts rapidly increasing. I understand there are more insecure

Re: [Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-15 Thread Rich Kulawiec
All of these proposals overlook significant known, current threats -- none of which they're capable of addressing, but some of which badly undercut the suggested approaches. To list just one of those -- albeit a rather prominent one -- the Internet's population of hijacked systems (aka bots or

[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

2017-03-13 Thread J.B. Nicholson
Bhavishya Desai wrote: Now I would like to know (specifically) what are some other threats, which could affect this and any difficulties with implementation. I imagine that the encryption and/or hash algorithms will change over time as encryption is broken and people figure out ways to create