existing keys as subkey

Ingo Klöcker ingo.kloecker@epost.de
Thu Oct 3 16:05:11 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 03 October 2002 14:50, David Shaw wrote:
> On Thu, Oct 03, 2002 at 11:49:50AM +0200, Ingo Klöcker wrote:
> > This is how the encrypted mailinglist works:
> > When someone what's to sent a message to the mailinglist he
> > encrypts the message with the mailinglist key.
> > The mailinglist manager receives the message, decrypts it,
> > re-encrypts it for all subscribers and then sends it to the
> > subscribers. In order to protect the privacy of the subscribers the
> > message should be encrypted for each subscriber separately.
>
> That would be a lot of messages, and you lose the nice mailing list
> ability to send in bulk (i.e. you have more than one subscriber at a
> given domain, so you send one copy to that domain and let their mail
> system deliver it multiple times).
>
> You can use --throw-keyid to remove the key IDs of the subscribers,
> so the only thing that an attacker would know about the subscribers
> is how many of them there are.  You can throw some extra fake
> "subscribers" into the mix as well to throw off the count as well ;)

And in order to avoid too large messages (at least one encrypted session 
key per subscriber) one could combine both ideas by encrypting each 
message with --throw-keyid for every group of subscribers in the same 
domain (and for every PGP user) separately.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9nE24GnR+RTDgudgRAugpAJ9+67vfQiLtzMgkIiJviRv6NEXsKQCdFJQh
1SUTbcf1a3afmhdNS6Jib7k=
=4+iZ
-----END PGP SIGNATURE-----