[Enigmail] My Bad, Sorry About That
Faramir
faramir.cl at gmail.com
Fri Aug 22 23:07:04 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Robert J. Hansen escribió:
> John W. Moore III wrote:
>> You are placing far too much work on the List/Group Server. All it must
>> do is receive & disseminate the Posts to the List. All
>> Encryption/Decryption occurs on the Member's computer. Keyring
>> Maintenance is the responsibility of each individual member.
> It's not especially secure because "three can keep a secret if two are
> dead." That's just basic common sense. A mailing list with a large
> number of people is going to have a hard time keeping secrets from
> someone who is serious about finding out details.
I agree, if 20 persons have access to a secret, it is very likely one
of them will either talk about it, or to make a mistake and leave it
where someone else can read it... however, if the only purpose is to
avoid sniffing, it would not be so bad... right?
> It's not especially scalable because of something called a "combinatoric
> explosion". When the list is just one person, no keys need to be
> exchanged. When the second person joins, one key exchange needs to be
> done. When the third person joins, two key exchanges take place. When
> the fourth, three key exchanges. And so on and so on. With 100 people
> on the list, you're going to have 4,950 key exchanges. Assuming just
Wait... isn't it the reason why public keys are supposed to be so
useful? I mean, the fact each one just need to get 1 key per
recipient... if the list has 100 persons, and I join it, I would just
need to get 100 public keys, and not to exchange a lot more keys... and
each of the other 100 members (now we would be 101), would need to
import my key, that would be 200 exchanges... me getting 100, and 100
people getting 1 new key...
> one in a hundred goes awry, you're talking about 50 pairs of people who
> can't talk to each other and a flurry of messages like "I couldn't read
> the last, it wasn't encrypted to my key, please fix this."
Well, I figure in certain lists, if a member is unable to get the
keys... the list owner can apply the K.I.T.A. procedure... (kick in
the..) of course, it is not advisable to do it in a public support list,
like this, but it is very likely it can work in... let's say, an ogame
alliance list...
> Given that's their goal, the two problems really aren't all that bad.
> However, if you were running a mailing list devoted to, say, the
> overthrow of a government, trafficking in contraband, or other such
> high-risk behavior, you would probably want to set things up much
> differently.
I agree, and I would not be willing to know anything about the subject
(at least, not in a list... I would be talking about the subject person
to person, and inside a bathroom with the shower open, the W.C. running,
and playing a Cannibal Corpse CD at high volume in the HiFi system...
P.S: if next time I hear Cannibal Corpse at high volume, police kicks my
door, I will tell you about it... (lol)
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCAAGBQJIr6kIAAoJEMV4f6PvczxAX/sH/REBNcQMzx67WS4yJ+4kKZq/
C3ANmZaSTwE8pZ+VSTBt+8kDFY45ASZhBhLRD3VHktUNiWO/RMW6zRHHNKH4Otpe
EL6Y5zE7RG0Mf9vt+ByeJp2s6mm1lPLEuxBPqJ+0bTrMcL1LvHYkovVb8Ei2MDPv
vC+KaOatOxLwXug2OwJCBA/GcK71/JQu2oL3q/v6hZ/NuCNhmxCu1ieF7XdvPaPb
mjUEl6zHf5QZrm7LjkZSKc5fyDmhYenHbJ6kk+5VlwkCiWBqcSe5DDcrvzGGB7r6
lcMDKPOlpMtsvjlgN3YFO0wc/Ve6gTJWm0drEAz+kaXiGcbf5A0zZGkBUMZXkbM=
=ux6N
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list