On 3/21/17 6:30 PM, Rich Kulawiec wrote:
On Sun, Mar 19, 2017 at 07:33:24AM -0400, Richard Damon wrote:
I would say that the problem that is being attempted to solve is fundamentally impossible to do perfectly. It is impossible to distribute messages in a secure manner to a number of recipients that you don't have total control over their enviroment and KNOW that security is being maintained. Communication always has that sort of issue, if you tell someone something private, you need to be able to trust that they will keep it private, and their is always a risk that they will reveal the information intentionally or accidentally. [snip]
I think this (and the rest, which I've elided for brevity) is a very good statement of the problem.
I'll just add that -- in the general case, and quoting from the above, we already KNOW that security is *not* being maintained. It's not an open question, it's been answered very clearly for well over a decade.
(In the specific case, e.g., the right people using the right devices with the right knowledge and self-discipline: maybe. But there are not many of those cases and any of them can revert to the general case in seconds with one poor decision or perhaps even without one.)
---rsk
The only way to keep a secret is not to tell it, as once you have told it, there is no way to keep the person you have told it from repeating it (intentionally, accidentally, or unknowingly). There are times (many of them) where it still makes sense to tell the secret and do your best to keep security.
It is similar to the fact that I know my house is not totally burglar proof. A determined person will be able to break into my home to take/place things, and if they were very determined, maybe even do so undetected. This doesn't mean I give up on security, I still lock my door, because it make me more secure than otherwise.
In the same way, an encrypted mailing list is not perfect, but it is a help, for the transmission of sensitive information that I wish to keep secret. It makes the transmission phase much more secure, and maybe helps a tiny bit on keeping the data at the end point secure. It should be know that, and prominently displayed in the documentation, that encrypted transmission doesn't help significantly with the security at the end points, and you need to evaluate your trust of the recipients to keep the information secure,
One big thing that I haven't seen in the discussion of this problem is exactly WHAT issue/problem this feature is intended to solve, There are several different problems that encryption can help with, each needing different sort of support from the software.
-- Richard Damon