>To send to a mailing list, the sender must either have a copy of the list or the system managing the list must decrypt and re-encrypt the >message. Neither of these is a good fit with the current email architecture. The former is secure but unwieldy; the latter is reasonably >efficient but breaks the desired end-to-end security. FYI, the Sympa list manager which is widely used in Europe does the latter, S/MIME key for the list, and the list software re-encrypts the messages to the recipients' keys. Given a choice between trusting the list software and trusting all of the subscribers, that seems a reasonable way to do it. R's, John