From: Richard Barrett, [EMAIL PROTECTED]
><< You have to pass the crypto keys by hand otherwise the
>security falls over at that point anyway. If you phone or
>email it, everyone can know it. >>
>
>If you use PGP, you generate a private key (which you keep) and a public key
>(which you can freely email out to all and sundry). To decrypt a message,
>you need both keys and a password. To send a message, you need to know the
>public key of the person to whom you're sending the message (which the
>recipient will make freely available also).

Right. Public key cryptography is arguably the most important
breakthrough in cryptography, ever, because it solves the problem of
key distribution. The delicious irony is that while it solves that
problem for the spooks, military and business, who would be stuffed
without it, it also gives thee and me the opportunity to resist
intrusion into our private communications. "The Code Book" by Simon
Singh has a decent layman's explanation of the issues.

>No use for mass mailings, but fine for messages to few intended recipients.
>PGP is free and also has other uses, e.g. secure, compressed storage on your
>hard drive.
>
Not quite so. There is an add-on in alpha test for the open source
Mailman mail list manager (http://www.list.org/) called MMreencrypt
(http://sourceforge.net/projects/mmreencrypt/) which addresses this
problem.

Its description says: "MReencrypt is an add-on for Mailman. It allows
reencrypting mailing lists for added security. Users post messages
PGP- or GPG-encrypted to the list's public key. MMReencrypt decrypts
them, then re-encrypts the message to each subscriber."

Of course this is all fairly irrelevant if a given mailing list has
subscription open to all; NCIS/GCHQ can subscribe like everybody else
and supply their public key. But if membership of a list is
restricted and new members "vetted" in some way before being added to
the list it should work OK to make snooping off the wire more
difficult.
--
I was talking more in the realms of IPSec when I was talking about
the distribution of crypto keys. If you have PGP already you
don't need IPSec.
Steve.
Cybershooters website: http://www.cybershooters.org
List admin: [EMAIL PROTECTED]