[tor-talk] encrypted mailing lists

Nathan Suchy theusernameiwantistaken at gmail.com
Mon Aug 26 11:14:23 UTC 2013


If you need a truly secure contact method why not run a micro forum and use
SSL instead? You could install LAMP and phpBB and then manually approve
sign ups and use complex permissions.
On Aug 21, 2013 9:31 AM, "Griffin Boyce" <griffinboyce at gmail.com> wrote:

> On 08/21/2013 03:44 AM, Matej Kovacic wrote:
> > All mail sent to the list should then be encrypted (recipient is mailing
> > list address and user has it's public GPG key). Mailing list would then
> > decrypt it, and deliver that message to it's users encrypted and signed.
>
>   Well, it may offer some benefit if you (as a subscriber) don't trust
> your email provider.  But it's not that useful if you don't trust the
> mailing list server. Even if you're sending your mail encrypted to the
> server, the server then would need to decrypt it before encrypting it to
> the recipients.  It also doesn't protect against someone you don't trust
> being added to the mailing list (thereby getting all emails) or someone
> on the mailing list sending mails outside or betraying people (which
> never happens).
>
>   tl;dr: Might be okay in some threat models, doesn't work in others.
> ;-)  Good for people who are trying to emphasize the active use of GPG.
> People who cross borders frequently are better served by full-disk
> encryption.
>
> best,
> Griffin
>
> --
> "Cypherpunks write code not flame wars." --Jurre van Bergen
> #Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
>
> My posts, while frequently amusing, are not representative of the thoughts
> of my employer.
>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list