PGP Encrypted Mailing Lists Issues


Post by James Roc » Fri, 10 Dec 1999 04:00:00



I note from the 6.5.1 Int PDF manual that it is possible to
synchronise public key distribution lists with your email package
distribution lists, thus enabling list encryption.

Has anyone here ever done this successfully?

I ask because I am thinking of setting up a confidential email list
(via onelist.com).  I'd imagine the list admin overhead to be quite
high, and the list signon for new subscribers a little daunting.

Also, if admin isn't really meticulous, and all list members don't
have a public key in the PGP distribution list, someone on the list
won't be able to read the list mail (PGP wouldn't know if this
condition existed of course).

I note that in 6.5.1 Int, the group pane DOESN'T list the total number
of list participants.  Now this is going to make list management
difficult, cross-checking against the number of list participants in
one's email package.

 
 
 


Post by Charles Gall » Fri, 10 Dec 1999 04:00:00




<snip>

>I ask because I am thinking of setting up a confidential email list
>(via onelist.com). <snip>

Jim,
        You get this working, let me know!  I've been thinking about
it too.  The other option I thought of (But it requires access to a
server, and maybe some custom code)  is something like majordomo.  I'd
love to be able to do the following:

The List itself has a key
The Admin functions have a different key
The list keys a database of addresses and their keys - subscribers can
be added either with admin approval, or not

A message comes in encoded to the list itself, the list parses it
apart, re-encrypts X messages (where X is the number of subscribers),
and sends them on their way.  This way the decryptor doesn't get a
list of what keys are on the message

Anyone out there done this?

Charlie

-- PGP Key on Request
For the Children RKBA!

 
 
 


Post by James Roc » Sat, 11 Dec 1999 04:00:00


On Thu, 09 Dec 1999 23:15:53 -0500, Charles Gallo


>You get this working, let me know!  I've been thinking about
>it too.

Well I thought I should discuss it first as it's not really that well
documented in the PDF.  Also how to verify, internationally, digital
signatures: how far do you take the verification process for each new
list participant - make a phone call?

>The list keys a database of addresses and their keys - subscribers can
>be added either with admin approval, or not

                                      ^^^^^^
Not quite sure that I follow the reasoning behind that.  The only
reason I want to setup a PGP list is to guarantee confidentiality from
the point a list participant sends a message right through to the
receipt of list mail.

>A message comes in encoded to the list itself, the list parses it
>apart, re-encrypts X messages (where X is the number of subscribers),
>and sends them on their way.  This way the decryptor doesn't get a
>list of what keys are on the message

Oops!  Are you saying that when the PGP session key of the encrypted
list message is further encrypted with a multiple public key, that all
members of that multiple public key can be viewed (in terms of key ID)
by other members?  (Won't it just say "Unknown Signer, Key ID is",
assuming that other list members will not be in the recipient's public
key ring?)  One could always advise list members to generate a key
pair just for the list mail - and NOT distribute the public key - only
sending a copy to the list admin.  Then their key ID would always be
unidentifiable to other list members?

Perhaps we should setup a dummy PGP list to thrash out the issues?
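
As an added example (not part of the original thread): whether list members can see each other's key IDs can be checked by reading the packets that sit in front of the ciphertext. The Python code below parses OpenPGP public-key encrypted session key packets (RFC 4880, tag 1) and compares one message encrypted to every subscriber with the per-subscriber copies a re-encrypting list server would send; the key IDs, the filler bytes standing in for ciphertext, and all function names are constructed for the illustration.

```python
PKESK, SED = 1, 9                  # RFC 4880 packet tags
WILDCARD = "0000000000000000"      # RFC 4880 5.1: all-zero ID = recipient withheld
SUBSCRIBERS = ["1111AAAA2222BBBB", "3333CCCC4444DDDD", "5555EEEE6666FFFF"]  # constructed


def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None when open-ended."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                   # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                      # partial-length stream
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, pos + 1, None                      # body runs to end of data
    size = 1 << ltype                                  # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")


def recipient_key_ids(message):
    """Key IDs any holder of the message can read without a private key."""
    ids, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag == PKESK:
            if length is None or length < 10 or start + length > len(message):
                raise ValueError("truncated session-key packet")
            if message[start] != 3:
                raise ValueError("unsupported session-key packet version")
            ids.append(message[start + 1:start + 9].hex().upper())
        if length is None:
            break                                      # streamed data: stop here
        pos = start + length
    return ids


def sample_message(key_ids):
    """Constructed bytes: per key ID a v3 RSA session-key packet, then filler."""
    out = b""
    for kid in key_ids:
        body = b"\x03" + bytes.fromhex(kid) + b"\x01" + b"\x00\x08\xaa"
        out += bytes([0x80 | (PKESK << 2), len(body)]) + body
    data = b"\x00" * 16                                # stands in for ciphertext
    return out + bytes([0x80 | (SED << 2), len(data)]) + data


def fan_out(key_ids):
    """Per-subscriber copies, as a re-encrypting list server would send them."""
    return {kid: sample_message([kid]) for kid in key_ids}


if __name__ == "__main__":
    print("one message for all:", recipient_key_ids(sample_message(SUBSCRIBERS)))
    for kid, copy in fan_out(SUBSCRIBERS).items():
        print("copy for", kid, "shows", recipient_key_ids(copy))
    print("withheld ID:", recipient_key_ids(sample_message([WILDCARD])))
```

The shared message lists all three key IDs to every recipient, each fanned-out copy lists only its own, and a sender that writes the all-zero ID exposes none.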

 
 
 


Post by Dmitriy Moroz » Sat, 11 Dec 1999 04:00:00



>>A message comes in encoded to the list itself, the list parses it
>>apart, re-encrypts X messages (where X is the number of subscribers),
>>and sends them on their way.  This way the decryptor doesn't get a
>>list of what keys are on the message

>Oops!  Are you saying that when the PGP session key of the encrypted
>list message is further encrypted with a multiple public key, that all
>members of that multiple public key can be viewed (in terms of key ID)
>by other members?  (Won't it just say "Unknown Signer, Key ID is",
>assuming that other list members will not be in the recipient's public
>key ring?)  One could always advise list members to generate a key
>pair just for the list mail - and NOT distribute the public key - only
>sending a copy to the list admin.  Then their key ID would always be
>unidentifiable to other list members?

Well, that would kind of ruin the idea behind both keyID, public keys and
web of trust. The way Mr. Gallo suggested it is much better. The only
trade-off is that you would have to actually write a program that would do
certain manipulations on the "messages" (PGP by itself (command-line
version) can do it but it would not be as efficient), the rest are
advantages - and as far as program goes, in order to get something you have
to make at least some effort.

--
Dmitriy Morozov

 
 
 


Post by James Roc » Sat, 11 Dec 1999 04:00:00




>Well, that would kind of ruin the idea behind both keyID, public keys and
>web of trust.

There are many aspects to this:

1) Issues surrounding public key distribution are really up to each
list participant: they either issue a distributed public key to the
list admin, or generate a separate key pair just for the list.  That
is their choice and their right.  I wouldn't want to dictate any rules
here.  If a list member uses a published public key for the list admin
to encrypt list mail to them, then obviously anonymity isn't an issue.

What they choose to do, may be influenced by (2).

2) Depending on the *nature* of the list i.e. list content, a list
member may decide that in addition to their email being encrypted,
they don't want to be fully identified in the distribution list.  I
think it is reasonable to expect some list members to want this.

3) A list member can always publish their public key via the list if
they so choose, thus automatically identifying their key in the
distribution list.

>The way Mr. Gallo suggested it is much better. The only
>trade-off is that you would have to actually write a program...

Well it is better only if you have the programming resources and you
have already identified the need for this level of key manipulation.

1) I don't have the time to get involved in programming, nor do I want
to.  I'd rather concentrate on the list management itself.

2) I can't see a problem with multiple public keys encrypting the
session key, so long as list members realize that if they use a
distributed public key, then it will be possible to ID them in the
distribution list.

3) Probably most important of all for me - I wouldn't be running a
list directly, but sending list mail to a remote distribution address.
This means that separate encryptions for each list participant is not
workable, as each message sent to the list address goes to *all*
participants from the remote server.

That's how I see it at the moment.  But I'd really like to test all
this to see how it *actually* works.  :)

James - PGP Encryption/Signing Supported

 
 
 


Post by Charles Gall » Sat, 11 Dec 1999 04:00:00




>On Thu, 09 Dec 1999 23:15:53 -0500, Charles Gallo

<snip>
>>The list keys a database of addresses and their keys - subscribers can
>>be added either with admin approval, or not
>                                      ^^^^^^
>Not quite sure that I follow the reasoning behind that.  The only
>reason I want to setup a PGP list is to guarantee confidentiality from
>the point a list participant sends a message right through to the
>receipt of list mail.

<snip>

Well, I'd really like if SOMEONE has to vouch for the person being
added.  Maybe any member can add a key/address?

Charlie

-- PGP Key on Request
For the Children RKBA!

 
 
 


Post by Charles Gall » Sat, 11 Dec 1999 04:00:00




<snip>


>2) I can't see a problem with multiple public keys encrypting the
>session key, so long as list members realize that if they use a
>distributed public key, then it will be possible to ID them in the
>distribution list.

>3) Probably most important of all for me - I wouldn't be running a
>list directly, but sending list mail to a remote distribution address.
>This means that separate encryptions for each list participant is not
>workable, as each message sent to the list address goes to *all*
>participants from the remote server.

<snip>

Depends on HOW secure and anonymous you want the list to be.  I think
the goal of both of us here is a way to send messages to a group of
people with NO way for it to be traced.  No way, none, nada.  It won't
matter how much mail gets generated.  In fact, to spoof traffic
analysis, the list I'm thinking about would have dummy mails going out
every so often based on list traffic

What I'm really thinking about (Not that I need it) is a secure
broadcast medium, where the identity of the listeners and the
broadcaster MUST be hidden.  Included in this is a way to tell if there
was tampering on the server, and the way to shut down sections of the
broadcast if you think security has been breached, BUT keep sending
"false" messages to that part of the broadcast

Yes, I know, I'm talking deep comsec here.  I wish I knew more theory
on this, but I'm afraid the stuff on the level I'd like to PLAY is
probably classified in the levels above TS

-- PGP Key on Request
For the Children RKBA!

 
 
 


Post by James Roc » Sun, 12 Dec 1999 04:00:00


On Fri, 10 Dec 1999 18:30:27 -0500, Charles Gallo


>Depends on HOW secure and anonymous you want the list to be.

Well a PGP list should be secure and I think most experts would agree
that they are as secure.  Anonymity is really a personal issue, down
to each list participant I think.  It is up to them to decide if they
want an identified public key in the distribution or not.  (OK, I'm
using the PGP distribution model here, as that's all I have to hand.)

>I think
>the goal of both of us here is a way to send messages to a group of
>people with NO way for it to be traced.  No way, none, nada.  It won't
>matter how much mail gets generated.  In fact, to spoof traffic
>analysis, the list I'm thinking about would have dummy mails going out
>every so often based on list traffic

I hadn't taken it quite that far, but I can see the need for that too.
Surely it would be possible to setup all list members via an anonymous
server.  I know there's one in Finland although I forget the address.
Would that do the trick?

OK list signon would be even more complex:

1)  Create anonymous email account
2)  Get PGP
3)  Make Keys for anonymous account
4)  Signon to PGP List

>What I'm really thinking about (Not that I need it) is a secure
>broadcast medium, where the identity of the listeners and the
>broadcaster MUST be hidden.

I doubt that my needs go that far, I'd run a list on a commercial host
so it would always be easy to ID me as the moderator.

>Yes, I know, I'm talking deep comsec here.

Yes you are, but if you see a real need for it, fair enough.

James - PGP Encryption/Signing Supported

 
 
 


Post by James Roc » Sun, 12 Dec 1999 04:00:00


On Fri, 10 Dec 1999 18:21:28 -0500, Charles Gallo


>Well, I'd really like if SOMEONE has to vouch for the person being
>added.  Maybe any member can add a key/address?

The method suggested in the PGP manual is to verify the digital
signature over the phone.  If people are able to physically meet, well
that's easy, but I guess you're thinking of an internet wide project?

James - PGP Encryption/Signing Supported

 
 
 


Post by Charles Gall » Sun, 12 Dec 1999 04:00:00




>On Fri, 10 Dec 1999 18:21:28 -0500, Charles Gallo

>>Well, I'd really like if SOMEONE has to vouch for the person being
>>added.  Maybe any member can add a key/address?

>The method suggested in the PGP manual is to verify the digital
>signature over the phone.  If people are able to physically meet, well
>that's easy, but I guess you're thinking of an internet wide project?

>James - PGP Encryption/Signing Supported

Well,
        PGP vouching is about can you trust the signature to belong to
the person, not can you trust the person.  I'm talking Can you trust
the person, and the ONLY signing key would be the server itself.  At
most, you would know 4 other people on the net, and they would know
YOU, and NO one else would know you, or even that you existed!

Charlie

-- PGP Key on Request
For the Children RKBA!

 
 
 


Post by Charles Gall » Sun, 12 Dec 1999 04:00:00




<snip>

>I doubt that my needs go that far, I'd run a list on a commercial host
>so it would always be easy to ID me as the moderator.

>>Yes, I know, I'm talking deep comsec here.

>Yes you are, but if you see a real need for it, fair enough.

<snip>

Last night I did some reading after work.  Although it hasn't been
done yet, according to what I can find anyway, what I need is called a
DC-Net.  Totally untraceable, encrypted, broadcast..

At this point, my needs are theoretical, not real, but I can see
situations where that would be reversed

CAG
-- PGP Key on Request
For the Children RKBA!

 
 
 


Post by Richard M. Pis » Mon, 13 Dec 1999 04:00:00


On Sat, 11 Dec 1999 14:30:11 -0500, Charles Gallo




>>On Fri, 10 Dec 1999 18:21:28 -0500, Charles Gallo

>>>Well, I'd really like if SOMEONE has to vouch for the person being
>>>added.  Maybe any member can add a key/address?

>>The method suggested in the PGP manual is to verify the digital
>>signature over the phone.  If people are able to physically meet, well
>>that's easy, but I guess you're thinking of an internet wide project?

>>James - PGP Encryption/Signing Supported

>Well,
>    PGP vouching is about can you trust the signature to belong to
>the person, not can you trust the person.  I'm talking Can you trust
>the person, and the ONLY signing key would be the server itself.  At
>most, you would know 4 other people on the net, and they would know
>YOU, and NO one else would know you, or even that you existed!

>Charlie

>-- PGP Key on Request
>For the Children RKBA!

I am kind of new to all this... but wouldn't there be a weak
area in the traffic _from_ the list site?  Seems that even
if the content of the messages could be read only by the
subscribed members, the high traffic in encrypted material
would draw the unwelcome attention of the NSA. (Hello out
there... waving to NSA... :) Want to waste some time?)

Maybe that would be enough to qualify the list as a
"prove-you-are-innocent" suspect in some future * /
war on * type law.

I do remember reading that no encrypted messages were allowed
for civilian traffic during war time, because of censorship
laws.

Just my $0.02

--

 
 
 


Post by Andrew Brun » Mon, 13 Dec 1999 04:00:00


"JR" == "James Roche" writes:

JR> On Fri, 10 Dec 1999 18:21:28 -0500, Charles Gallo
JR>
JR> >Well, I'd really like if SOMEONE has to vouch for the person
JR> >being added.  Maybe any member can add a key/address?
JR>
JR> The method suggested in the PGP manual is to verify the digital
JR> signature over the phone.  If people are able to physically meet,
JR> well that's easy, but I guess you're thinking of an internet wide
JR> project?
JR>
JR> James - PGP Encryption/Signing Supported

Though I am not "in the loop" of things and a PGP authority, here is a
bit of what I think of key signing and how to use PGP.

(By the way, I have posted that thing about a good book on codes and
I am in that frame of mind even more now and have put a bit of
thought to what is said in the book.)

PGP is a system of sending messages.  Nothing more.  I think you are
silly to think it is more than that.

Here is why:

I am a person on a computer now.   YOU don't know who I am - and like
wise I don't know you.

I am typing this reply to whom I think is someone asking about
signing keys and is open to opinions.

Now, PGP can allow me to send you a message securely and no one else
can read it.

But what you do with the message AFTER that is out of my control.

- bear with me folks -

Signing keys is a similar thing.

The trust levels and that bit I give little support to - partly
because I am here in Australia and though there will be people out
there using PGP, I am not "in the loop" of needing to speak with lots
of people with sensitive material all the time.

If I meet "Joe Blow" and need to talk to him securely, fair enough, I
get his key check it with him on the phone or however.

But is "Joe Blow" really Joe Blow - or a person who has infiltrated
the link between the real one and myself?

Unless you KNOW, and have known for a long time the person, PGP can
ONLY offer you a secure LINK.

It does NOT guarantee the other person is who they claim to be, or
what they will do with the information, OR the validity of the
information you get from them.

A lot of people to whom I have spoken are foolishly believing that
PGP (or any SECURE encryption system) is the "be all end all" of
their problems.

It isn't.

Does that help?

I bet it may have put a cat among the pigeons.   Sorry.

Errr, and sorry, but I am not in News groups often.

If you want to talk to me, feel free to e-mail me.  No flames though
please.   ;)

My key is at the bottom of the other post, and I don't want to post
it again.  Bit silly really.

Have fun.
--
Andrew Bruno

------------------------------------------------------------------------
Posted with Amiga NewsRog
------------------------------------------------------------------------

 
 
 


Post by Barrett Richardso » Mon, 13 Dec 1999 04:00:00



> "JR" == "James Roche" writes:

> JR> On Fri, 10 Dec 1999 18:21:28 -0500, Charles Gallo

> JR>
> JR> >Well, I'd really like if SOMEONE has to vouch for the person
> JR> >being added.  Maybe any member can add a key/address?
> JR>
> JR> The method suggested in the PGP manual is to verify the digital
> JR> signature over the phone.  If people are able to physically meet,
> JR> well that's easy, but I guess you're thinking of an internet wide
> JR> project?
> JR>
> JR> James - PGP Encryption/Signing Supported

> Though I am not "in the loop" of things and a PGP authority, here is a
> bit of what I think of key signing and how to use PGP.

> (By the way, I have posted that thing about a good book on codes and
> I am in that frame of mind even more now and have put a bit of
> thought to what is said in the book.)

> PGP is a system of sending messages.  Nothing more.  I think you are
> silly to think it is more than that.

There are all sorts of uses for PGP. I catalog MD5 checksums for
all kinds of things on my system that I don't want tampered with.
I download the catalog (really just a flat file) to a secure
workstation, generate a detached signature, and upload the
signature to the server. Keys to verify the sig and PGP program
are kept on read-only media on the server. Using PGP in this
manner I can ascertain with a high level of confidence if any key
items on my server have been tampered with.

You could probably easily use this methodology to make
a Windows box more tamper resistant. New viruses (virii?)
often escape detection by popular virus softwares, a failed
PGP sig for an important executable provides an excellent
indication that it has been tampered with.

If you have a registered domain, Network Solutions will accept
PGP signatures as an authorization scheme. Once you are satisfied
that it is your key associated with your nic handle, you have
pretty solid protection against unauthorized modifications to
your domain registration.

-

Barrett
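
An added example, not part of the post above or of any tool it names: the catalog-and-check half of the workflow described there, in Python. It uses SHA-256 instead of the MD5 mentioned in the post (MD5 collisions are practical today), the function names and the files created in `demo()` are constructed for illustration, and the detached-signature check on the catalog is left to PGP and assumed to have passed before `check_catalog` runs.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def list_files(root):
    """Sorted relative paths of every regular file under root."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())


def build_catalog(root):
    """Flat-file catalog: one 'digest  relative/path' line per file under root."""
    return "".join(f"{file_digest(Path(root) / n)}  {n}\n" for n in list_files(root))


def check_catalog(root, catalog_text):
    """Compare root with a catalog whose detached signature has ALREADY been
    verified (for example with `gpg --verify catalog.sig catalog`); an
    unverified catalog proves nothing, since it can be rewritten with the files."""
    expected = {}
    for line in catalog_text.splitlines():
        if line.strip():
            digest, name = line.split("  ", 1)
            expected[name] = digest
    present = set(list_files(root))
    report = {"modified": [], "missing": [],
              "unexpected": sorted(present - set(expected))}
    for name in sorted(expected):
        if name not in present:
            report["missing"].append(name)
        elif file_digest(Path(root) / name) != expected[name]:
            report["modified"].append(name)
    return report


def demo():
    """Constructed run: catalog a directory, tamper with it, check again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original binary")
        (root / "motd").write_text("welcome\n")
        catalog = build_catalog(root)          # taken while the system is trusted
        clean = check_catalog(root, catalog)
        (root / "bin" / "login").write_bytes(b"replaced binary")
        (root / "motd").unlink()
        (root / "bin" / "helper").write_bytes(b"new file")
        return clean, check_catalog(root, catalog)


if __name__ == "__main__":
    for label, report in zip(("before", "after"), demo()):
        print(label, report)
```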

 
 
 


Post by p.. » Mon, 13 Dec 1999 04:00:00




>> PGP is a system of sending messages.  Nothing more.  I think you are
>> silly to think it is more than that.

It is generally a method of confirming that a sender is the same sender
as you expect them to be.

>If you have a registered domain, Network Solutions will accept
>PGP signatures as an authorization scheme. Once you are satisfied
>that it is your key associated with your nic handle, you have
>pretty solid protection against unauthorized modifications to
>your domain registration.

Unless Network Solutions have finally fixed this, it certainly does avoid
unauthorized modifications since even *you* can not change it. I spent
9 months or more when they first offered it trying to get *any* modification
through automatically and failed every time. They would have to hand
process the requests.

Ciao,

--
Phelim "Pug" Gervase   | "I want to be called. COTTONTIPS. There is something
Bryn Gwlad - Ansteorra |  graceful about that lady. A young woman bursting with
Dark Horde Moritu      |  vigor. She blinked at the sudden light. She writes