> From: LISTSERV site administrators' forum [mailto:LSTSRV-
> [log in to unmask]] On Behalf Of Valdis Kletnieks
> 
> On Wed, 01 Dec 2010 15:35:24 EST, "Kern, Thomas" said:
> 
> > Is there any capability in the current Listserv product to encrypt each
> > posting for each recipient? We have customers who use three different
> > encryption mechanisms, pgp, gpg and a purchased product called Entrust.
> 
> There's really no sane way to do key management in this case.  You really
> want
> the person who's actually originating the note to sign/encrypt it and have
> Listserv distribute the signed/encrypted message.  (Think - do you really
> want
> Listserv to have access to the person's private key? At that point, it's
> out of
> the person's direct control, and shouldn't be considered a private key
> anymore)
> 
> Incidentally, pgp and gpg should be interoperable if configured correctly
> (unless it's a *really* old pgp 2.6 or something).

I was thinking that Listserv might be able to use LDAP or a local file to hold the PUBLIC key of each subscriber and use that key and the appropriate encryption program to prepare the message. A prerequisite for this is that ALL the subscribers have to have some encryption capability in common with the Listserv server (RHEL 5.5 will be OpSys by then).

--
Thomas Kern
Energy Enterprise Solutions, LLC 
Contractor to the
United States Department of Energy
1000 Independence Avenue, SW
Washington, DC 20585
Phone: 301-903-2211 (Office)
Phone: 301-905-6427 (Mobile)
Email: [log in to unmask]