Vladis wrote on 12/01/2010 04:05:23 PM:

> There's really no sane way to do key management in this case.  You
really want
> the person who's actually originating the note to sign/encrypt it and
have
> Listserv distribute the signed/encrypted message.  (Think - do you
really want
> Listserv to have access to the person's private key? At that point,
> it's out of
> the person's direct control, and shouldn't be considered a private
> key anymore)

Listserv (or something down stream, perhaps the mail relay) would have to
be where the encryption is done.  Before Listserv processes the message,
the recipients are unknown.  I suppose that the email could be encrypted
with a generic encryption tool with a shared key, but if someone is
dropped as a subscriber, they would still have the shared key until it is
changed.  Perhaps a web site with indvidual logins to host the actual
message and a list to distribute notifications.

As someone else pointed out, if the message is not encrypted from sender
to Listserv, it's open to attack.  I suppose if the point of origin is on
the same network as Listserv, that might be acceptable.  Otherwise,
something needs to sit in front of Listserv to decrypt it.



Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.