LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Security for private list

David Stodolsky <[log in to unmask]>

Sun, 13 Nov 1994 13:31:09 +0100

text/plain (43 lines)

Dwight K. Lemke" <[log in to unmask]> writes in
Subject:      Re: Security for private list:
> must use the public key to encrypt their message.  Anyone in possession
> of a disk mailed to them by you with the private key, will be able to
> decrypt and read the message--and of course, the NSA.  But, you now have
 
If you use the longer keys in PGP, NSA will not be
able to break the message. However, the whole point of public key
crypto is to avoid the widespread distribution of private keys, which
is the major weakness of the above proposal. In fact, there is not
much of an advantage in using a public key system as above,
might as well use a private key system.
 
A better way to use PGP in this situation is for each subscriber
to select public and private keys. Then the public keys of all should be
published to the list. A submission could then be signed by the sender,
authenticating the source. Next the message key would be encoded
with the public key of each subscriber. Subscribers would decode
the message by using their private key on the message key encoded
with their public key. They could then decode the message and also
verify the signature of the sender.
 
The weakness of this scheme is the initial distribution of public
keys via the list. This could be avoided by, for example, the sending of
public keys by subscribers to the list owner by smail. The public
keys would then be sent back to establish secure communication
between subscribers. Additional key distribution could then be via
the list as subscribers are added. Each new subscriber would have
to exchange smail with the list owner.
 
There are more advanced crypto schemes that have "group" capabilities
built in. This means a single session key could be decoded by all
subscribers, even though they do not share a private key.
I don't think this is available in PGP. It would be necessary
for larger lists, where the encoding of message keys for each subscriber
gets impractical.
 
dss
 
David S. Stodolsky, PhD               Internet: [log in to unmask]
Tornskadestien 2, st. th.       (C)         Tel.: + 45 38 33 03 30
DK-2400 Copenhagen NV, Denmark               Fax: + 45 38 33 88 80

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM