On Sun, Feb 14, 2021 at 10:58:01AM -0500, Dennis Putnam wrote:
I'm looking to decrypt incoming email from subscribers and encrypt outgoing to each. The threat model is to not have any email into or out of the mailing list to be intercepted/monitored.
The two sentences imply different requirements.
Even if you satisfy the requirements in the first sentence, any attacker on the wire will be able to capture ("monitor") the emails; and the headers will be in plain-text (including the Subject header, sender, and recipients), even if the body and attachments are encrypted: https://ssd.eff.org/en/module/why-metadata-matters
Also, if the attacker has compromised the CA, then they will potentially be able to decrypt S/MIME messages (but not OpenPGP messages, if the encryption and key generation were well-implemented[1]).
If you really want to satisfy the requirements in the second sentence, then you might want to look at DIME (aka Darkmail), mixers, or alternatives to email:
[1] At least, not unless affordable quantum computing is available to the attacker. If it is, then you would also need to use a quantum-resistant cipher. Unfortunately, doing that is still very inconvenient to do using GnuPG or similar.
-- A: When it messes up the order in which people normally read text. Q: When is top-posting a bad thing?
() ASCII ribbon campaign. Please avoid HTML emails & proprietary /\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.