[Mailman-Developers] PGP and Mailman
Brad Knowles
brad at stop.mail-abuse.org
Wed Mar 2 12:37:41 CET 2005
At 8:31 AM +0100 2005-03-02, Stefan Schlott wrote:
> This will create huge messages in large MLs.
Each additional recipient would be a few extra bytes in the
encrypted message. However, since the message is compressed first,
unless you've got a list of thousands and thousands of recipients,
then odds are that the result would still be smaller in size than a
message that was only PGP-signed.
> Further, this will reveal
> all recipients' key ids - something not wanted in anonymous lists.
True. A session key would be encrypted to each key id, so the
key ids would be visible. However, subscriber information is not too
hard to get from Mailman even when it's supposedly limited to being
available only to the admin, so I think there may be bigger fish to
fry elsewhere.
> Imho the tradeoff lies somewhere inbetween - encrypt messages to n
> recipients (yet to be implemented).
The problem is that encrypting a message is a very CPU-intensive
process, and you don't want to figure off thousands and thousands of
message encryption processes for every single submission -- you'd DoS
yourself to death. You'd have to make n pretty large in order to be
able to make this scalable.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Developers
mailing list