[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

[J.B. Nicholson]

Rich Kulawiec wrote:
> What all of this means is that once a list passes N members, where
> we can debate about N, the probability that at least one of those
> members has already been compromised even before they've joined the
> list starts rapidly increasing.

I understand there are more insecure devices on the Internet all the time 
and that's unfortunate, but I don't think it's avoidable. What do you 
suggest we do about this using Mailman (since this is Mailman-developers)?

Perhaps this means I don't understand what the goals of combining a mailing 
list and public key cryptography are (could someone please state what those 
goals are?). I took the goals to be the following:

- make changes in messages easier to identify at the endpoints. So long as 
posters use strong cryptography methods and sign+encrypt their posts. Sure, 
a compromised device could change the message between the time someone 
writes their message and the time they sign+encrypt it, thus 
signing+encrypting an altered message. But we have that problem now and I 
don't see anyone calling for all research work to stop on any number of 
other things because of it. Also, for those without compromised devices who 
know what they're doing (a smaller set of people, as you point out) posts 
to mailing lists are likely easily changeable without most people being the 
wiser or having any ability to verify short of constantly asking others 
"Did you really post this?". Given how much en route data alteration is 
going on, it seems we ought to do something to at least let the user know 
the message they're looking at has a high likelihood of not being what was 
sent.

- provide a practical means of using extant services (along with most of 
the UI expectations and technical advantages we've come to expect) to 
convey encrypted data and store encrypted data such that the plaintext of a 
message is not often exposed to any program server-side.

- allow users to do some degree of identity confirmation. With what I've 
seen in this thread so far, poster identities are as verifiable as public 
key encryption and web of trust allow. If I see a post from someone I trust 
whom I know knows how to use, say, GPG correctly I then have increased 
confidence their post was signed by them. Currently, where lists are 
typically entirely plaintext, I understand it's quite easy for someone to 
post in someone else's name and email address and for any network operator 
(such as one's ISP) to alter the data en route.

But I could have the goals of this entire endeavor completely wrong, in 
which case I await correction.