Re: Is PGP broken?

John Kelsey Mon, 04 Dec 2000 04:57:08 -0800
-----BEGIN PGP SIGNED MESSAGE-----

At 05:52 PM 12/3/00 -0800, Bram Cohen wrote:

...
>If I recieve mail from a mailing list, it potentially might
>have info about both how to encrypt mail sent to the sender,
>and how to encrypt mail sent to the list - it really should
>be able to include both, and specify which is which.

>-Bram Cohen

>[Personally, I'm not sure it is worthwhile worrying about
>how to encrypt mail to a large mailing list -- a secret
>known by more than a couple of people is never secret for
>long. Signatures on list mail are another matter. --Perry]

It seems like it might be really useful to have encryption
on mailing lists for small groups, but I agree that lists
with a hundred people on them may as well be in cleartext,
for most purposes.

It seems like a much more immediately useful feature would
be to have mailing-list software that required a valid PGP
signature from a known subscriber's key to allow posting,
and then would sign all outgoing messages with the list
software's public key.  If subscribers automatically have to
send in their public key, and receive the list software's
public key, then at least the key distribution part of the
problem would be handled more-or-less automatically.  If
that initial signup isn't interfered with, the mailing list
gets signed messages, and the receivers all have the right
key to check the message signatures.  Interestingly, this
kind of application would do what people usually want
certificates to do, but without anyone in the role of a CA.

 --John Kelsey, [EMAIL PROTECTED]
PGP Fingerprint: 5D91 6F57 2646 83F9  6D7F 9C87 886D 88AF
...| ``Slavery's most important legacy may be a painful insight
...| into human nature and into the terrible consequences of
...| unbridled power.'' --Thomas Sowell, _Race and Culture_


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo

iQCVAwUBOitPbiZv+/Ry/LrBAQF1xgQAucB4sFrxXOs6QQUPXlmZQuGzM0S2me7I
79ulcUnCOqgZYJs2l/Z8H3a8g3DRvQMQGEBaOdkrALSsQJamevJIskEoUPe1CDQj
DGn/2h49a9c9JFVqOFGCOSlL8d0/Kn52tNwtsX8XPpLeg40Zkq6E/5HzclxGSFb5
M16nl46FzJk=
=NAv6
-----END PGP SIGNATURE-----
Re: Is PGP broken?

Reply via email to
