[Enigmail] question regarding encryption and mailing lists

Robert J. Hansen rjh at sixdemonbag.org
Sun Sep 14 16:18:24 PDT 2008


Brandon Blackmoor wrote:
> My name is Brandon Blackmoor. I have been playing with encryption for
> nearly two decades, primarily using PGP and its offshoots. I gave up on
> it many times, because it was just too much trouble to use, and it
> requires both the sender and the recipient to use it.

Welcome to the Enigmail list.  You've probably noticed that one of your
quotes is on a FAQ that I maintain:

http://sixdemonbag.org/cryptofaq.xhtml

Thanks for the quote, BTW; it's been of great use throughout the years.

> 1) How do people handle mailing lists, such as this one? Is it feasible
> to encrypt messages sent to a mailing list?

Mailing list traffic is very hard to do well.  There are two problems:
one mathematical, one large-scale human factor, and one individual human
factor.



Mathematical:

In the simple case, public key cryptography requires what mathematicians
call a "complete graph".  Every node (user) must contain a vertex
(public key) for every other node (user).  When you want to encrypt to a
mailing list of 100 people, you encrypt the message with 100 keys.

The problem with this is that for N users, there are (N**2 - N)/2 key
exchanges, each of which people can screw up.  Mailing lists which do
this sort of thing tend to be filled with a ton of "I couldn't read that
last one because the sender didn't encrypt it to my key" and a lot of
"repost: now with key 0xDEADBEEF" messages.

For small (< 10) and stable (not a lot of user churn) mailing lists this
isn't a huge problem.  For large and/or unstable lists, this becomes a
big problem.


Large-scale human factor:

Three can keep a secret if two of them are dead.  The more people who
are privy to an encrypted communication, the less benefit you gain from
encryption.  Someone who wants to know the contents of the encrypted
mail can just start asking people on the list "hey, I didn't get that
last mail, could you re-send it to me off-list encrypted with my key?"
Dollars to donuts says they'll mistake this for a repost request and
will comply.  The larger your list becomes, the exponentially more
repost requests there are, which makes this attack exponentially easier
to pull off.


Small-scale human factor:

How do you validate all those keys?



... This isn't to say it can't be done or shouldn't be done.  If you
really need this, after all, then you really need this.  But you should
expect to get bitten by these problems, so start making plans now.  :)

> 2) How do people handle web-based email? Is it feasible to use email
> encryption when one typically checks one's mail via a web site?

Yes, although there are various caveats with this.  For instance, many
webmail companies will silently munge plaintext messages in certain
ways, which ruins clearsigned messages.  Encrypted and/or
encrypted-and-signed messages typically work much better than simple
clearsigned messages.

> Thank you for your time, and for this wonderful piece of software.

Absolutely.  Thank you for _Legend: War of Ages_; I wasted many a
pleasant afternoon with that in the early nineties.  Call it karma; what
goes around comes around.  :)
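
Added example, not part of the original message: a small audit of the "complete graph" requirement described under "Mathematical" above. The roster, member names and keyring contents are constructed sample data, and the function names are hypothetical; in practice the keyring sets would come from each member's actual public keyring.

```python
from itertools import combinations

# Constructed sample data: the list roster and, for each member, the set of
# other members whose public keys they currently hold.
ROSTER = ["alice", "bob", "carol", "dave", "erin"]
KEYRINGS = {
    "alice": {"bob", "carol", "dave", "erin"},
    "bob": {"alice", "carol"},
    "carol": {"alice", "bob", "dave", "erin"},
    "dave": {"alice", "carol", "erin"},
    "erin": {"alice", "carol", "dave"},
}


def required_exchanges(n):
    """Pairwise key exchanges needed for n members: (N**2 - N)/2."""
    return (n * n - n) // 2


def missing_exchanges(roster, keyrings):
    """Pairs whose exchange is incomplete (either side lacks the other's key)."""
    missing = []
    for a, b in combinations(sorted(roster), 2):
        if b not in keyrings.get(a, set()) or a not in keyrings.get(b, set()):
            missing.append((a, b))
    return missing


def unreadable_by(roster, keyrings):
    """For each sender, the members who could not decrypt that sender's post."""
    result = {}
    for sender in roster:
        held = keyrings.get(sender, set())
        locked_out = sorted(m for m in roster if m != sender and m not in held)
        if locked_out:
            result[sender] = locked_out
    return result


if __name__ == "__main__":
    n = len(ROSTER)
    gaps = missing_exchanges(ROSTER, KEYRINGS)
    print(f"{n} members need {required_exchanges(n)} exchanges; {len(gaps)} incomplete")
    for pair in gaps:
        print("  incomplete exchange:", pair)
    for sender, locked_out in unreadable_by(ROSTER, KEYRINGS).items():
        print(f"  a post from {sender} is unreadable by: {', '.join(locked_out)}")
    # Each new member adds N exchanges to an N-member list.
    print("joining a 100-member list adds",
          required_exchanges(101) - required_exchanges(100), "exchanges")
```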


