
I hope it doesn't surprise anybody that despite being a proponent of this project I'm quite sympathetic to Rich.
Barry Warsaw writes:
That assumes an open membership policy. Wouldn't much of this be mitigated with a closed subscription policy?
Not if the target membership isn't already paranoid. Remember, 20%-40% of devices are already compromised. Even at the low end, assuming uniform draws, with *three* members odds are *even* that one is compromised. Sure, your assumption is non-uniform, but it's not clear it's more optimistic -- suppose feeling paranoid enough to consider an encrypted list means the probability they're out to get you is *higher* than uniform?
And do you really think the proportion of truly tight-lipped potential subscribers is better than 80%?
I'm not saying there's nothing useful here, but there's no longer any such thing as "paranoia" when it comes to IoT (where "thing" includes anything connected, not just embedded devices).
I agree that the security of an encrypted remailer such as we're discussing is only as secure as its recipients. Yet there still may be value in encrypting the communication channels into and out of Mailman, even if that can be compromised at the end-points.
Unless you're talking about a resistance cell in a society that has been authoritarian for a few decades, I think we should assume that content is freely available to anybody who really wants it. It's not just John Podesta "who should know better", I've seen testimony recently from a security professional saying they'd clicked on a spearphish. They were in an isolated environment and they're pretty sure no harm was done, but they did click unintentionally. Jus' plain folks have no chance.
As I've said elsewhere, the only use case I'm seriously considering is encrypted + anonymized, so that you need to compromise (or subpoena) the server (or the exact sender) to identify senders of particular content. People smarter than me might be able to extend that area of applicability.
(b) is not necessarily true. There is lots of work going on to provide secure base platforms on which to implement IoT devices.
There's also active avoidance of the whole concept of security by major device (vs. platform) vendors. C'mon, guys, open telnet port on a router? Plus the reality that many devices produced by Chinese companies are almost certainly backdoored. It will be many years, maybe decades, before IoT means anything but "Internet of Threats".
I still think this is worth doing, both for the occasional use case, and for many of the reasons you give, but the applications are far more restricted than the GSoC applicants seem to think. :-/
Steve