On 3/21/17 6:30 PM, Rich Kulawiec wrote:
On Sun, Mar 19, 2017 at 07:33:24AM -0400, Richard Damon wrote:
I would say that the problem that is being attempted to solve is
fundamentally impossible to do perfectly. It is impossible to distribute
messages in a secure manner to a number of recipients that you don't have
total control over their environment and KNOW that security is being
maintained. Communication always has that sort of issue, if you tell someone
something private, you need to be able to trust that they will keep it
private, and there is always a risk that they will reveal the information
intentionally or accidentally.
[snip]

I think this (and the rest, which I've elided for brevity) is a very good
statement of the problem.

I'll just add that -- in the general case, and quoting from the above,
we already KNOW that security is *not* being maintained.  It's not an
open question, it's been answered very clearly for well over a decade.

(In the specific case, e.g., the right people using the right devices
with the right knowledge and self-discipline: maybe.  But there are
not many of those cases and any of them can revert to the general case
in seconds with one poor decision or perhaps even without one.)

---rsk

The only way to keep a secret is not to tell it, as once you have told it, there is no way to keep the person you have told it from repeating it (intentionally, accidentally, or unknowingly). There are times (many of them) where it still makes sense to tell the secret and do your best to keep security.

It is similar to the fact that I know my house is not totally burglar proof. A determined person will be able to break into my home to take/place things, and if they were very determined, maybe even do so undetected. This doesn't mean I give up on security, I still lock my door, because it makes me more secure than otherwise.

In the same way, an encrypted mailing list is not perfect, but it is a help, for the transmission of sensitive information that I wish to keep secret. It makes the transmission phase much more secure, and maybe helps a tiny bit on keeping the data at the end point secure. It should be known, and prominently displayed in the documentation, that encrypted transmission doesn't help significantly with the security at the end points, and you need to evaluate your trust of the recipients to keep the information secure.

One big thing that I haven't seen in the discussion of this problem is exactly WHAT issue/problem this feature is intended to solve. There are several different problems that encryption can help with, each needing different sorts of support from the software.


--
Richard Damon

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers