[lug] Encryption on a mailing list?

Wayde Allen wallen at boulder.nist.gov
Tue May 9 11:43:53 MDT 2000

On Sun, 7 May 2000, PC Drew wrote:

> Are there any list servers out there that can handle PGP encryption?
> I'm thinking of something where when you subscribe to the list, you
> exchange public keys with the server.  Then, when you send mail to the
> list, the mail gets decrypted using the server's private key and then
> encrypted for each user, using their public key, and sent to that
> user.
> Anybody know of such a thing?

I've thought about this too.  No, I've never heard of such a list, but
don't see why this functionality couldn't be established using the
existing listservers with a little bit of work.  In majordomo for
instance, I think you could alias the incoming mail to a decoding script
before sending it to main list processor.  Perhaps by replacing

junk: "|/usr/lib/majordomo/wrapper resend -l junk junk-list"

with something like

junk: "|/usr/lib/decode |/usr/lib/majordomo/wrapper resend -l junk junk-list"

I'm not sure that is exactly syntactically correct, but you should get the
idea.  Adding the public key encryption for each subscriber would be a bit
more problematic.  I think this would need to be added to the resend
script itself.

Tweaking the mailman list could be a bit more interesting.  I don't know
if there are any built-in filters that could be used for this.  I don't
see any obvious ones right at the moment anyway, but the code for the
listserver seems reasonably straight foreword. 

> If not...maybe I'll think about writing
> something like that...just curious!

You would get a closed list that only members could read this way.  There
are several issues that bother me though.  One is whether or not such a
list would be valuable or not?  When you subscribe to a list your messages
typically become public, and the main reason for using a list serve is so
that the individuals involved don't have to worry about who wants to read
their posts.  I tend to think that most people use Public Key encryption
to ensure that only their intended recipients can read the message.  If
the list does this for them, it seems that you have compromised or at
least relaxed this security since the poster usually doesn't know who is
subscribed to a list.  In other words, what is keeping someone you don't
want to read your posts from subscribing, and now getting the encrypted
posts themselves.  Yes, restricting subscriptions to being by approval
only partly solves this, but still leaves this security issue outside the
influence of the poster.

Another issue is whether the overhead of decrypting and re-encrypting a
large volume of messages on the fly is worth the processing overhead? 
Perhaps simply using e-mail signatures solves the same security concern
without modifying the list software, and distributes the processing
overhead among all of the list members at the same time?  Another option,
might be to broadcast a public key ring that all of the list members would
use with their local encryption software (yeah that has some problems

- Wayde
  (wallen at boulder.nist.gov)

More information about the LUG mailing list