> There are mailing list managers that support encrypted mailing lists --
> i.e. you encrypt the message to the list bot, and the bot reencrypts to
> the then-current set of recipients. That doesn't solve your archive
> problem though, and the revocation issue is unsolvable with any crypto
> framework.

I disagree with you there: as long as the archive is large enough that a person could not read it all, there are sensible reasons to lock out people, say an archive of internal company documents. You want to lock out employees that leave; sure, they might still have copies of the documents, but the damage is limited if they can't get more to deliberately do damage.

You could probably implement access control using a quorum-type key setup where multiple parties need to agree to a decryption before it can happen, but I can't think of any such key schema that would allow you to change users dynamically, and it also doesn't really conform to your use case.

That said, access control is not usually solved by crypto, and this is not a case where I would use GnuPG; all it can realistically add is transport-level security. Your solution of using a service to provide the data after checking for access is probably the right one.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users