AW: [Mailman-Developers] Secure Mailing Lists

Brad Knowles brad.knowles at
Fri Nov 28 04:21:01 EST 2003

At 9:53 AM +0100 2003/11/28, Dietmar Maurer wrote:

>  Sorry, I dont underdstand that suggestion. You want to put several
>  encrypted messages into one mail?


>                                    (I dont know much about public key
>  systems). That would increase the size of the message? Or is it possible
>  to encrypt a message once so that several people can decrypt it?

	Your latter question gets to the point.  You encrypt the message 
once with the session symmetric key, and then you encrypt the session 
symmetric key once for each recipient public key.  Each recipient 
uses their private key to decrypt the session symmetric key, which is 
then used to decrypt the message.

	Fortunately, PGP makes all this transparent to the recipients. 
The resulting message is somewhat larger, because you've encrypted 
the session symmetric key for each recipient public key, but this is 
usually a relatively small expansion and since PGP has built-in 
compression, this is not usually too much of a loss.

	If you had a large number of recipients, this might become more 
of an issue.  In that case, you might want to do this function in 
smaller batches.

	The only disadvantage with this approach is that you can see what 
keyids that a message is encrypted for, and this allows someone to do 
traffic analysis (see who is talking to whom).  If this was an issue 
of concern, then this is something that should be configurable on a 
per-list basis.

Brad Knowles, <brad.knowles at>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

More information about the Mailman-Developers mailing list