[Enigmail] My Bad, Sorry About That
Jean-David Beyer
jeandavid8 at verizon.net
Fri Aug 22 05:10:45 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John W. Moore III wrote (in part):
> Jean-David Beyer wrote:
>
>> Really? Those lists must be extremely small. Imagine that the list server
>> would have to look up the public key of everyone signed up for the list. And
>> it would need to encrypt the text of every message for each list subscriber.
>> The overhead would be tremendous, would it not?
>
> No. Every Post is Encrypted to the Key of Each List/Group Member.
> There is never a need for Server look-up because each Member provided
> His/Her Key at time of Joining.
>
> In PGP this Key Selection is handled transparently via the 'Group'
> function and with Enigmail is easily accomplished with the Per-Recipient
> Rules. Upon Joining such a Group or List there is a certain amount of
> Set-Up required on the part of the New Subscriber. This is what I
> referenced " _a List_ " in My Original Post.
I guess I do not understand this. (You are, of course, correct that the list
server need get my public key only once and keep it on hand locally, not do
this with every mailing.)
To send me an encrypted message, it must be encrypted using my public key,
right? To send you an encrypted message, it must be encrypted using your
public key too. So if there are 5000 members of a list, the message must be
decrypted by the list server using its private key (this is a very small
overhead) and then encrypted 5000 times, once for each recipient, right?
Now it may be that gpg can do some of that one time only (the compression
for sure and possibly the symmetric cypher), but then the public key part
must be done once per recipient, which could be a nuisance.
Furthermore, would it not be more secure to send each copy with a different
key for the symmetric key? I do not know which would be done on a mailing list.
- --
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 08:00:01 up 15 days, 14:06, 4 users, load average: 4.21, 4.28, 4.27
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
iD8DBQFIrqzFPtu2XpovyZoRAjoKAJ9/nYLR67pigqEcbUy+6nQsRMD1GwCfX2Ap
eQBlow5/uHu+0CEgvsP7bFc=
=iqOO
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list