From: Jim Choate <ravage@einstein.ssz.com>
Date: Tue, 8 Sep 1998 08:13:45 +0800
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Subject: cryptographically secure mailing list software (fwd)
Message-ID: <199809080031.TAA06618@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: Matthew James Gering <mgering@ecosystems.net>
> Subject: cryptographically secure mailing list software
> Date: Mon, 7 Sep 1998 16:59:56 -0700 

> I've been curious as to whether anyone has developed and/or whether it
> is technically feasible to develop a cryptographically secure
> listserver.

> User would submit their PGP public key to the listserver upon
> subscription, submitted messages would be encrypted with the
> listserver's public key,

Actualy to be secure the subscriber would need to use one of the remailers
public key to encrypt their key prior to submission to the remailer. Of
course this doesn't prevent a MIT attack and key substitution. Otherwise
you'd be sending  your key in the clear, generaly a bad thing.

This touches on the main problem with distribution and use of PKE, in that
no secure key management protocal suitable for internet sort of
architectures has ever been developed that doesn't require some trusted 3rd
party or an existing secure channel.


    ____________________________________________________________________

                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------