On Wed, Jan 13, 2016 at 1:33 AM, Doug Barton <dougb@xxxxxxxxxxxxx> wrote: > On 01/12/2016 06:27 PM, Phillip Hallam-Baker wrote: > Well, yeah. :) Did I miss a proposal for new tech? Yep, we all did. Twenty years ago. >> The other >> is that you have to find someone you trust to run the mailing list or >> the jabber contact service or whatever. > > > Well that's a given no matter what solution you choose. If you're relying on > someone else to do encryption on your behalf, you have to trust them. But > that's a marginal increase in trust compared to running a non-encrypted list > in the first place. That is precisely the point. With proxy re-encryption 'recryption' you do not need to trust the mailing list server. Only the list admin needs to be trusted with the master decryption key. The reason for bringing this up right now is that it is a technique we should start to look at using as soon as implementations of the CFRG algorithms start becoming available.