"Dwight K. Lemke" <[log in to unmask]> writes in
Subject: Re: Security for private list:

> must use the public key to encrypt their message. Anyone in possession
> of a disk mailed to them by you with the private key, will be able to
> decrypt and read the message--and of course, the NSA. But, you now have

If you use the longer keys in PGP, NSA will not be able to break the message. However, the whole point of public key crypto is to avoid the widespread distribution of private keys, which is the major weakness of the above proposal. In fact, there is not much of an advantage in using a public key system as above, might as well use a private key system.

A better way to use PGP in this situation is for each subscriber to select public and private keys. Then the public keys of all should be published to the list. A submission could then be signed by the sender, authenticating the source. Next the message key would be encoded with the public key of each subscriber. Subscribers would decode the message by using their private key on the message key encoded with their public key. They could then decode the message and also verify the signature of the sender.

The weakness of this scheme is the initial distribution of public keys via the list. This could be avoided by, for example, the sending of public keys by subscribers to the list owner by smail. The public keys would then be sent back to establish secure communication between subscribers. Additional key distribution could then be via the list as subscribers are added. Each new subscriber would have to exchange smail with the list owner.

There are more advanced crypto schemes that have "group" capabilities built in. This means a single session key could be decoded by all subscribers, even though they do not share a private key. I don't think this is available in PGP. It would be necessary for larger lists, where the encoding of message keys for each subscriber gets impractical.

dss

David S. Stodolsky, PhD               Internet: [log in to unmask]
Tornskadestien 2, st. th. (C)         Tel.: + 45 38 33 03 30
DK-2400 Copenhagen NV, Denmark        Fax: + 45 38 33 88 80
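
The scheme described in the message above (one signed body, one message key wrapped separately for every subscriber), as an added example that is not part of the original post and is not PGP's code. Assumptions: textbook RSA on small fixed Mersenne primes and a hash-based keystream stand in for PGP's real algorithms so the block runs on the Python standard library alone; neither is secure, and the names seal, unseal and DIRECTORY are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def mersenne(k):
    return 2**k - 1  # prime for k in (61, 89, 107, 127)

def keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def stream_xor(key, data):
    # Toy symmetric cipher: XOR with SHA-256(key || offset) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(data):
    # 128-bit truncated hash so it fits under every toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def seal(plaintext, sender_priv, directory):
    n, d = sender_priv
    session = secrets.token_bytes(16)          # fresh message key
    k = int.from_bytes(session, "big")
    return {
        "sig": pow(digest_int(plaintext), d, n),   # sender signs once
        "body": stream_xor(session, plaintext),    # body encrypted once
        # one wrapped copy of the message key per subscriber
        "keys": {who: pow(k, e, rn) for who, (rn, e) in directory.items()},
    }

def unseal(msg, who, priv, sender_pub):
    n, d = priv
    session = pow(msg["keys"][who], d, n).to_bytes(16, "big")
    plaintext = stream_xor(session, msg["body"])
    sn, se = sender_pub
    if pow(msg["sig"], se, sn) != digest_int(plaintext):
        raise ValueError("signature does not match sender's public key")
    return plaintext

# Constructed sample keys: the sender plus two subscribers.
alice_pub, alice_priv = keypair(mersenne(107), mersenne(127))
bob_pub, bob_priv = keypair(mersenne(61), mersenne(127))
carol_pub, carol_priv = keypair(mersenne(89), mersenne(107))
DIRECTORY = {"bob": bob_pub, "carol": carol_pub}  # published public keys
```

The "keys" map grows by one entry per subscriber while "body" and "sig" stay fixed, which is the per-subscriber cost the post says becomes impractical on larger lists.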