On 01/13/2016 12:23 AM, Dave Cridland wrote:
When senders send to the proxy, they're encrypting in a special way which means that the proxy can't decrypt; instead it can only re-key the message to each member. The proxy also cannot add other keys (including its own), so cannot just add itself as a member and decrypt the result. Members receive the message, and thanks to the crypto-fairies, they see it as signed by the sender. I like to think of this as a special-case of homomorphic encryption, but only so I can sound like I know what I'm talking about.
I don't see any way that this could work using PGP, but I confess I don't know enough about S/MIME to know if it could be done using it or not.
Doug