[Mailman-Developers] Encrypted lists predictable difficulties and implementation needs

Richard Damon Richard at Damon-Family.org
Wed Mar 22 08:23:02 EDT 2017 

On 3/21/17 6:30 PM, Rich Kulawiec wrote:
> On Sun, Mar 19, 2017 at 07:33:24AM -0400, Richard Damon wrote:
>> I would say that the problem that is being attempted to solve is
>> fundamentally impossible to do perfectly. It is impossible to distribute
>> messages in a secure manner to a number of recipients that you don't have
>> total control over their enviroment and KNOW that security is being
>> maintained. Communication always has that sort of issue, if you tell someone
>> something private, you need to be able to trust that they will keep it
>> private, and their is always a risk that they will reveal the information
>> intentionally or accidentally.
> [snip]
>
> I think this (and the rest, which I've elided for brevity) is a very good
> statement of the problem.
>
> I'll just add that -- in the general case, and quoting from the above,
> we already KNOW that security is *not* being maintained.  It's not an
> open question, it's been answered very clearly for well over a decade.
>
> (In the specific case, e.g., the right people using the right devices
> with the right knowledge and self-discipline: maybe.  But there are
> not many of those cases and any of them can revert to the general case
> in seconds with one poor decision or perhaps even without one.)
>
> ---rsk
>
The only way to keep a secret is not to tell it, as once you have told 
it, there is no way to keep the person you have told it from repeating 
it (intentionally, accidentally, or unknowingly). There are times (many 
of them) where it still makes sense to tell the secret and do your best 
to keep security.

It is similar to the fact that I know my house is not totally burglar 
proof. A determined person will be able to break into my home to 
take/place things, and if they were very determined, maybe even do so 
undetected. This doesn't mean I give up on security, I still lock my 
door, because it make me more secure than otherwise.

In the same way, an encrypted mailing list is not perfect, but it is a 
help, for the transmission of sensitive information that I wish to keep 
secret. It makes the transmission phase much more secure, and maybe 
helps a tiny bit on keeping the data at the end point secure. It should 
be know that, and prominently displayed in the documentation,  that 
encrypted transmission doesn't help significantly with the security at 
the end points, and you need to evaluate your trust of the recipients to 
keep the information secure,

One big thing that I haven't seen in the discussion of this problem is 
exactly WHAT issue/problem this feature is intended to solve, There are 
several different problems that encryption can help with, each needing 
different sort of support from the software.


-- 
Richard Damon

More information about the Mailman-Developers mailing list