On 20-Sep-08, at 02:39 , Matt wrote:


It does sound interesting, but how can I trust the signature of a key I know wasn't generated by the appropriate user? How can anyone trust the key the listserv generated for me? How can I be certain that at no point in the future the server isn't going to forge a signature, since it has my private (use on list X only) key and passphrase?


I don't see the system having any of my private keys.

It seems to work by having the email system keep track of the public keys of list subscribers, while also having its own key pair for the list.

When I send a message to the list, I encrypt it with the list's public key and sign it with my private signing key. The list handler then checks (using my public key) that a list member (me) sent it, decrypts it with its private key, and resends the message to each list member, encrypting it with each member's public key and signing it with the list's private signing key.

It is not really any different than sending messages to a group of people who are on your public keyring, except that the membership of the group is known only to this list manager and each member of the list does not have to keep a public key for each member, just the list itself.

It does have the problem that one needs to trust that the list management software is not compromised, as it has access to the plain text messages and is essentially acting as a man-in-the-middle agent to accomplish all this.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
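
The relay flow described in the message above, as an added example that is not part of the original post and is not the code of any list software. Textbook RSA on Mersenne primes stands in for OpenPGP, the signature travels beside the ciphertext instead of inside it, and `ListServer`, `relay`, `seen_plaintext` and the alice/bob keys are hypothetical names and constructed values.

```python
# Toy stand-in for OpenPGP: textbook RSA on Mersenne primes (trivially
# breakable, no padding). It only makes the message flow executable.
import hashlib

E = 65537

def keypair(a, b):
    p, q = 2**a - 1, 2**b - 1               # both are known Mersenne primes
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def encrypt(pub, msg):
    n, e = pub
    return pow(int.from_bytes(msg, "big"), e, n)

def decrypt(priv, ct):
    n, d = priv
    m = pow(ct, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class ListServer:
    def __init__(self, subscribers):
        self.pub, self.priv = keypair(521, 607)
        self.subscribers = subscribers      # name -> public key only
        self.seen_plaintext = []            # what a compromised host could read
    def relay(self, ct, sig):
        msg = decrypt(self.priv, ct)        # plaintext exists on the server here
        if not any(verify(pub, msg, sig) for pub in self.subscribers.values()):
            return {}                       # not signed by a subscriber: drop
        self.seen_plaintext.append(msg)
        list_sig = sign(self.priv, msg)     # the list signs, not the author
        return {n: (encrypt(p, msg), list_sig) for n, p in self.subscribers.items()}

# Constructed participants: the server is given public keys only.
alice_pub, alice_priv = keypair(1279, 127)
bob_pub, bob_priv = keypair(2203, 89)
server = ListServer({"alice": alice_pub, "bob": bob_pub})
```

Recipients can check only the list's signature on what they receive, and `seen_plaintext` holds every relayed message, which is the trust placed in the list host that the message describes.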
