On 2 Jun 2015, at 15:59, Phillip Hallam-Baker wrote:
The bigger issue for me is 'mailing list'. I can easily write a
protocol
for an end to end secure collaborative forum as a Web Service but
there is
no way that I expect to do anything useful with legacy SMTP
infrastructure
as the transport.
For what it's worth, the lists where I see encryption happening right
now publish a public key for the list address and make the corresponding
private key available to the mailing list software, which encrypts
towards individual participants. So it's not end-to-end, it requires
some centralised key management and the plain text of any encrypted
message is exposed on the mailing list server.
Joe