1994-09-18 - Re: (fwd) “Will You Be a Terrorist?”

Header Data

From: jonathan@memex.com (Jonathan Adams)
To: cypherpunks@toad.com
Message Hash: 3195fc3d0a460e12b316731bb6c06c82987618d5ddad1c238ac6ca9ecc921a03
Message ID: <9409180700.AA09412@memexis.memex.com>
Reply To: N/A
UTC Datetime: 1994-09-18 07:09:43 UTC
Raw Date: Sun, 18 Sep 94 00:09:43 PDT

Raw message

From: jonathan@memex.com (Jonathan Adams)
Date: Sun, 18 Sep 94 00:09:43 PDT
To: cypherpunks@toad.com
Subject: Re: (fwd) "Will You Be a Terrorist?"
Message-ID: <9409180700.AA09412@memexis.memex.com>
MIME-Version: 1.0
Content-Type: text/plain

In a post to <cypherpunks@toad.com>, cactus@bb.com (L. Todd Masco) wrote:
> Now, this won't give protection from traffic analysis;  In was
> suggestion, I was really blurring two seperate lines of thought
> (I'm interested in PGPified mailing list software for content-hiding
> reasons; I'm trying to set up a "distributed business" that I'd
> like to keep secure).  Also, though, I'm not sure I want to count
> on anonymous remailers being available.  If people want to
> effectively "chain" them, that's fine.

    I don't see how using PGPified mailing lists help at all
(with the assumtion that anyone can subscribe). I mean, anyone
can simply subscribe to the list and then read all of the traffic.
What's the point? Anyways...

    I *can*, however, see the use of using PGP encryption for
mailing list submissions, expecially combined with an aliasing
feature. (i.e. the mailing list has a key pair, and people send
mail to it). Possibly even accepting something like the cypherpunk
remailer format (i.e.:

anon-post-from: bob

etc... ). This, however, *might* be going to far for some people's
comfort, because it would allow *COMPLETELY* untraceable posts
(depending on the security of the site, but that's another issue).
You can do other remailer-type traffic analysis defeaters like
sending out the posts in random order at fixed intervals, etc.

> 	- What I want (for other purposes) is a mailing list that has
> 	 its own public key; Material is encrypted to it, it decrypts it,
> 	 and then the material is encrypted with each recipient's public
> 	 key (I'm assuming a PGP base here).   Probably simply to do,
> 	 but has anybody done it?  No pretense of protection from
> 	 traffic analysis here: just to keep prying 3rd parties' eyes
> 	 off it.

See above. Also, a couple problems with encrypting it to each person on the list  
is that it takes:

 #1 Space for all of the keys
 #2 Time to encrypt EACH message to each person

Both of which quickly become a problem on high-volume lists such as cypherpunks.
Also, it requires that EVERYONE use PGP if they want to read the list. This, I  
believe, is an unacceptable requirement.

PGP 2.6 key available. Fingerprint:     (Jonathan Adams)
    40 27 43 E0 5C 20 66 0E  EE 8C 10 9F EC 40 78 6A  (revoked!)
    A5 77 E9 28 88 DD B7 D4  9C 8C F9 D5 D8 3F 45 BE  (new! 1024 bit)