Made of awesome

Bill Royds apple at royds.net
Sat Sep 20 17:10:58 CEST 2008


On 20-Sep-08, at 02:39 , Matt wrote:

> It does sound interesting, but how can I trust the signature of a key I
> know wasn't generated by the appropriate user? How can anyone trust the
> key the listserv generated for me? How can I be certain that at no point
> in the future the server isn't going to forge a signature, since it has
> my private (use on list X only) key and passphrase?


I don't see the system having any of my private keys.

It seems to work by having the email system keep track of the public  
keys of list subscribers, while also having its own key pair for the  
list.

When I send a message to the list, I encrypt it with the list's public  
key and sign it with my private signing key.
The list handler then checks (using my public key) that a list member  
(me) sent it, decrypts it with its private key, and resends the  
message to each list member, encrypting with each member's public key  
and signing it with the list's private signing key.

It is not really any different than sending messages to a group of  
people who are on your public keyring, except that the membership of  
the group is known only to this list manager and each member of the list  
does not have to keep a public key for each member, just the list itself.

It does have the problem that one needs to trust that the list  
management software is not compromised, as it has access to the plain  
text messages and is essentially acting as a man-in-the-middle agent  
to accomplish all this.
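
The flow described in this message, as an added sketch that is not part of the original post and is not code from any list software. Textbook RSA on fixed primes stands in for OpenPGP, and the function names and the participants (alice, bob) are assumptions made for the illustration.

```python
# Toy model: textbook RSA on fixed Mersenne primes stands in for OpenPGP.
# Insecure by design; it only illustrates who can read and who signs what.
import hashlib, secrets

E = 65537

def keypair(a, b):                       # 2**a - 1 and 2**b - 1 are known primes
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def _xor(k, data):                       # keystream derived from session key k
    pad = hashlib.shake_256(str(k).encode()).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, pad))

def seal(signer, rcpt_n, body):
    """Sign body with signer's private key, then encrypt sig+body to rcpt_n."""
    sig = pow(_h(body, signer["n"]), signer["d"], signer["n"])
    k = secrets.randbelow(rcpt_n - 2) + 2
    return pow(k, E, rcpt_n), _xor(k, sig.to_bytes(32, "big") + body)

def unseal(rcpt, signer_n, ct):
    """Decrypt with rcpt's private key, then verify against signer_n."""
    blob = _xor(pow(ct[0], rcpt["d"], rcpt["n"]), ct[1])
    sig, body = int.from_bytes(blob[:32], "big"), blob[32:]
    if pow(sig, E, signer_n) != _h(body, signer_n):
        raise ValueError("bad signature")
    return body

def relay(list_key, subscribers, sender, ct):
    """List handler: check membership, decrypt, re-seal once per member."""
    if sender not in subscribers:
        raise ValueError("not a subscriber")
    body = unseal(list_key, subscribers[sender], ct)   # plaintext exposed here
    return body, {m: seal(list_key, n, body) for m, n in subscribers.items()}

# Constructed participants; names and key sizes are assumptions for the demo.
LIST, ALICE, BOB = keypair(89, 107), keypair(107, 127), keypair(89, 127)
SUBS = {"alice": ALICE["n"], "bob": BOB["n"]}   # the list's subscriber keyring

if __name__ == "__main__":
    seen, out = relay(LIST, SUBS, "alice", seal(ALICE, LIST["n"], b"hello list"))
    print("server saw:", seen)
    print("bob reads :", unseal(BOB, LIST["n"], out["bob"]))  # list key only
```

In this model the copy each member receives verifies only against the list's key, so the check of the original sender's signature happens once, on the server.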


