Sorry to revive a dead thread, but I think this general idea of a re-encrypting mailing list has been implemented:
https://bitbucket.org/awruef/listcrypt/src Enjoy! -Dan On Mon, Jul 11, 2016 at 11:43 PM, Ben Nagy <[email protected]> wrote: > I just spent a while talking myself out of spending my holiday writing > code. Instead I am going to be doing elementary Ancient Greek, > finishing up the calculus sections of khanacademy and working through > Malory's epic Mort D'Arthur. > > Here's the pitch: Clique is a standalone app that operates a gmail > account. If you're registered, you can send PGP encrypted emails to it > (but if you're using ancient ciphers they'll bounce). Clique decrypts > them, then re-encrypts and re-mails them individually to the other > registered participants. Yes, it's a mailing list. > > There are several elephants in this room, and I'll take a minute to > address them as straw-men. Or straw-elephants. I don't even know if > metaphors stack. > > Why not just use [some piece of crap OSS mailing list server]? > > First and foremost, I didn't even find any that claim to be able to do > this. The key point of Clique is that it encrypts outgoing emails to > individual public keys. Secondly, there are a lot of users who would > be... uncomfortable... with the idea of trusting a mail server that > speaks to the internet (for DNS and, say, SMTP(s) IMAP(s) or POP). It > would get worse when you tell them that it's running a plugin to > automatically muck around with GPG. > > I thought you hated GPG, publicly, because you're all COMSEC hipster and shit? > > What I've actually said is that GPG is a terrible choice for covert > communication. The users that would like Clique are something like > (huge coincidence) research teams working on secret shit. Everyone > knows who they are and that they talk. The main driver for those users > is the confidentiality of the messages and the ability to be able to > add or remove users from the list fairly expediently. > > Why not just use Tor and Signal? > > Once again, there are some users for whom "linking" is their > overwhelming concern. If their real identities are linked to > pseudonyms, that's a problem. If real identities are linked to > "certain other users" then that's also a problem. To address those > issues, there are a number of technologies that have evolved to have > very different properties to, say, PGP. Because those approaches are > more recent, they are assumed, in some circles, to be universally > superior; in reality, however, they are simply better at _certain > things_ > > Covert multi-party communication is hard. Stupid hard. Instead of > trying to hitch my cart to the hype-train express, I had planned to > just spend a couple of weeks banging out code and have a tool that > would work well for the people that needed it. > > Why run it through Google? Are you a lizard person? > > I am a fan of letting Google handle the hard stuff. DNS is hard. > Running a mail server is hard. Data security, physical security, blah > blah blah. Since Clique (would) run on any machine and is simply a > consumer of the Gmail API it has a much smaller attack surface. Also, > since the flow is through Gmail, that takes care of most of the > availability issues (if such exist). There is no privacy concern with > using Gmail for this, though. They get to see encrypted messages. > That's the entire threat the system is designed to resist. It's fine. > They get to see who is emailing, and when. Yes, but that's a threat > this system is NOT designed to resist. > > I may yet be a lizard person, that's an independent premise. > > What could possibly go wrong? > > If the person running Clique is malicious, you lose everything. That > shouldn't worry you, though, since you all use Slack. Since clique > (would have been) a standalone client, written in Go, it doesn't > depend on any OS stuff, so you'd be free to just set a machine to > auto-install all updates and reboot whenever. Anything can be hacked, > of course, but a standalone machine which you're allowed to update, > running one client in a memory-safe language is close to a best-case > scenario. > > Anyway, that's it. It's probably wrong to bore thousands of people > with an elevator pitch for software I didn't even write, but it's at > least a change from SILICA videos. > > If you find yourself with a couple of weeks and nothing better to do, > feel free to keep the name. > > Cheers, > > ben > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
