[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs
Rich Kulawiec
rsk at gsp.org
Sat Mar 18 13:54:05 EDT 2017
On Thu, Mar 16, 2017 at 08:10:03PM +0100, Norbert Bollow wrote:
> Even if not every device is secure, the difficulty, and likely cost,
> for an attacker to snoop on the communications is much greater for an
> encrypted mailing list is than for a non-encrypted one.
The difficulty is greater -- but not by much. Attackers have long
since become extremely proficient at installing keystroke loggers
and extracting credentials in order to compromise many other forms
of communication. It's only an incremental, low-cost step for them
to extend those techniques to encrypted mailing lists.
Now I'll grant that this is unlikely to happen immediately (except
for intelligence agencies, who will be ready for this before it's
deployed in the field). But one of the things that we've seen over
and over again is that once attackers decide that a particular
target (or kind of target) has value, they'll focus on it with
surprisingly rapidity.
---rsk
More information about the Mailman-Developers
mailing list