[Enigmail] Encrypt newsposts

Robert J. Hansen rjh at sixdemonbag.org
Fri May 1 01:32:37 PDT 2009 

mailinglists wrote:
> I didn't think it was a defect, I thought enigmail was being overly 
> protective.  My question is, how do I disable [the] safety?

When people start talking about disabling weapon safeties because the
safety is overly protective, some sense of primordial self-preservation
deep in my hindbrain demands that I dive for cover.

You may want to think a bit about what you've just said here.

> I know what I am doing

I hope you won't take offense, but I doubt this to be true.

> Well, every once in a while, someone with more than 20 years 
> experience in the computer/programming field comes along and is 
> pretty sure he knows what he is doing ;-)

28 years of experience here, plus a thesis away from a Ph.D. in secure
software engineering.  Up until a few months ago I was breaking
electronic voting machines for a living.

John Clizbe has 34 years of experience.

Be very careful when you start using your years of experience as an
argument that you know what you're doing.  You quickly run afoul of
Whitaker's Law that way.  "Do not fall into the trap of the artisan who
boasts of twenty years' experience in his craft while in fact he has
only one year of experience -- twenty times."

> Oh perhaps its niche, but is it unreasonably for me to ask if there 
> is some switch to disable safety? It's not as if it isn't supported.

It is exactly the case that it isn't supported, and this lack of support
is a conscious design decision.

> There is this small software project with a handful of developers,
> testers and managers. Currently we do all discussion via email, which
> is pretty cumbersome and has its own problems. My idea was to set up
> a private news server with access restrictions and SSL encrypting
> traffic to and from. But this still leaves posts unencrypted on the
> server and on the clients as well, which is unacceptable to the
> management.

GNU Mailman to the rescue.  You don't want a news server for this.  Once
you have a private mailing list set up for the group, create a
per-recipient rule for the mailing list which will encrypt the traffic
to the keys of each member of the group.  Since the group is going to be
relatively small and by invitation only, the key management problem is
quite tractable.

Two years ago there was a nationwide mailing list for voting security
researchers.  That's exactly how they did it.  Dan Wallach of Rice
University said that Enigmail worked like a champ in that situation,
much better than PGP Desktop, Evolution, KMail, or other OpenPGP-aware
clients.

If you don't want to host your own mailing lists, you could even do
something through Yahoo! Groups.  The PGPNET mailing list does exactly
this.  John Moore is one of the list moderators; he's active on this
list and will be happy to walk you through the process of doing this.

Your goal is achieved, and the safety stays on.  Sounds like a win to me.

> Allow new members to read old posts, which rules out encryping mails
> to a predefined set of keys, as the keys of potentially new members
> are not known to the original poster.

So you have a Perl script that goes through all the messages, decrypts
them, encrypts them with the new subscriber's key, and sends them
off-list a copy of all traffic sent to this point.  It's not a hard problem.

More information about the Enigmail mailing list