Re: On email and web security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/13/2016 02:33 PM, Matthew Kerwin wrote:
> 
> On 14/01/2016 7:25 AM, "Doug Royer" <douglasroyer@xxxxxxxxx
> <mailto:douglasroyer@xxxxxxxxx>> wrote:
>>
>> On 01/13/2016 08:03 AM, Phillip Hallam-Baker wrote:
>> >>...
>> >> On 01/12/2016 06:27 PM, Phillip Hallam-Baker wrote:
>> >
>> > That is precisely the point. With proxy re-encryption 'recryption' you
>> > do not need to trust the mailing list server. Only the list admin
>> > needs to be trusted with the master decryption key.
>>
>> And you would have to trust the mailing list software verified that the
>> incoming email was encrypted, and by a trusted source, and only accepted
>> encrypted email.
>>
>> If the list server accepted unencrypted email, encrypted it with the
>> lists key, would anyone be able to tell?
>>
> 
> If it comes in plaintext, nothing stops the server (algorithmically or
> morally) from adding a header or some body text that says "I encrypted
> this, but before that it was clear"
> 
> At least then the recipients would know the message they received is the
> one the list server distributed, even if not the original author.

A person that replied to the list message, and had expected the
conversation to be secure, might want to know that part of the
conversation was not secure.

So, I would think that an added header would be a MUST.

In ether case your trusting the list server implementation,
configuration, and site admins and not just the list admin with the list
key as commented above.

It would also be a hole where a subpoena could allow anyone to see the
communications. After decryption, and before re-encryption. For those
that really want a secure list.

In addition, users of the list would have to trust that the
implementation, configuration, or site admins would forward only
encrypted emails to other list members, else its only secure at the
endpoints that happen to use encryption.

How could you tell that the encrypted email sent to a list server did in
fact encrypt the email when it forwarded the email to all recipients?

So, I can't see how anyone that wanted a secure communication could
trust re-encrypted list forwarding. (or at least how I understand this
idea as described in this thread).

-- 

Doug Royer - (http://K7DMR.us / http://DougRoyer.US)
DouglasRoyer@xxxxxxxxx
714-989-6135

<<attachment: smime.p7s>>


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]