Hi,

my pseudo code solution would look about like the following:

Legend:
E...encryption function
D...decryption function
S...signing function
pubK[x]...public key party "x"
privK[x]...private key party "x"

------------------
ListContribution:

E(message+S[message,privK[contributor]], pubK[server])
let's introduce message+S[message,privK[contributor]] -> "signed message" :-)

ListServer Receive:

D(E("signed message", pubK[server]), privK[server]) = "signed message"

note: valid contributor's signature intact, since only the net message was signed.

---------------------------------
ListServer Redistribute message:

let's introduce "signed message"+S["signed message",privK[server]] -> 'server signed "signed message"'

for each listmember do
  if (listmember trusts Listserver) then
    # keep listmembers from validating each other's signatures
    E('server signed "signed message"', pubK[listmember])
  else
    # just let alone the signed message and every listmember who wishes to
    # checks the validity of the signature on his/her own
    E("signed message", pubK[listmember])
  endif
next
---------------------------------
Listmember Reception of message:

if (Listmember trusts Listserver) then
  D(E('server signed "signed message"', pubK[listmember]),privK[listmember]) = 'server signed "signed message"'
  Check only trusted server's signature.
else
  D(E("signed message", pubK[listmember]),privK[listmember]) = "signed message"
  Check sender's signature.
endif.
--------------------------------------------------------------

As I see it nobody needs to hold anybody else's private key!

regards
Roman

Damian Hesse wrote:

> Jörn,
>
>>> The task: now we want to set up mailinglists (server side)
>>> like "[EMAIL PROTECTED]" where some users of our company and
>>> some from a customer should be able to write signed and
>>> encrypted emails and everybody on the list should be able to
>>> read it.
>>>
>>> The question is how should this be done? The only solution I can
>>> imagine is to generate a certificate for the list and send the p12-file
>>> to everybody on the list. But does it really work with all mail
>>> programs, because for example: user A sends an encrypted mail to
>>> [EMAIL PROTECTED] which is expanded to user B, but it's not originally
>>> encrypted for B...
>>>
>> Message senders encrypt the message with the public key of the
>> mailinglist. The mailinglist server decrypts the message using the
>> private key for the mailinglist and encrypts it again individually
>> for every recipient. The problematic part is the signature, I guess.
>> Would it be possible to keep the original signature?
>> Or does the server have to check the sender's signature and sign
>> it again with its private key if the original signature is correct?
>>
>> The email programs would handle the encryption part nicely,
>> but I fear that you cannot keep the original signature..
>>
>> Jörn Sierwald
>
> No, the signature is not the (main) problem. The problem is the
> private keys of the users of the list. I don't think that's a good idea,
> to have private keys of users on a central mail server. They should
> remain on the client computers with password requests for every
> access to make sure that nobody except the user itself has
> access to the usage of their own certificates. Keep in mind that
> in your model even the customer needs to give us their private keys,
> which is hardly possible, isn't it?
>
> Damian
>
> ______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                           [EMAIL PROTECTED]
Automated List Manager                              [EMAIL PROTECTED]
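The list-server protocol Roman sketches above, as an added Go example that is not part of the thread: Ed25519 stands in for the signing certificates and RSA-OAEP for the encryption ones (both assumptions; a real S/MIME client would wrap a symmetric content key rather than OAEP-encrypting the message itself), and the server's signature check before redistribution is what stops a forged post from ever going out. No party ever handles another party's private key, which was Damian's objection to the shared-p12 idea.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

type Party struct { // stands in for one participant's certificate and private keys
	SigPub ed25519.PublicKey; sigPriv ed25519.PrivateKey // Ed25519 pair for S / signature checks
	EncPub *rsa.PublicKey; encPriv *rsa.PrivateKey       // RSA-OAEP pair for E / D
}
func NewParty() *Party {
	sp, sk, _ := ed25519.GenerateKey(rand.Reader)
	rk, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{SigPub: sp, sigPriv: sk, EncPub: &rk.PublicKey, encPriv: rk}
}
// Sign = body+S[body,privK[p]]: the signature is appended, so a "signed message" travels as one byte string.
func (p *Party) Sign(body []byte) []byte { return append(append([]byte{}, body...), ed25519.Sign(p.sigPriv, body)...) }
// Verify checks the trailing signature against pub and returns the body without it.
func Verify(pub ed25519.PublicKey, blob []byte) ([]byte, error) {
	if n := len(blob) - ed25519.SignatureSize; n >= 0 && ed25519.Verify(pub, blob[:n], blob[n:]) {
		return blob[:n], nil
	}
	return nil, errors.New("signature check failed")
}
// E/D = RSA-OAEP to one recipient (assumption: the sample message is short enough to fit OAEP directly).
func E(to *rsa.PublicKey, pt []byte) []byte { ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, pt, nil); return ct }
func (p *Party) D(ct []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), nil, p.encPriv, ct, nil) }

// Redistribute is the list server: open with its own key, refuse anything whose contributor signature is not
// intact, then re-encrypt per member, adding the server's own signature only for members that trust the server.
func Redistribute(server, contributor *Party, members []*Party, trusts []bool, contribution []byte) ([][]byte, error) {
	signed, err := server.D(contribution)
	if err != nil { return nil, err }
	if _, err = Verify(contributor.SigPub, signed); err != nil { return nil, err } // forged posts stop here
	out := make([][]byte, len(members))
	for i, m := range members {
		if trusts[i] { out[i] = E(m.EncPub, server.Sign(signed)) } else { out[i] = E(m.EncPub, signed) }
	}
	return out, nil
}
// Receive is one member: a trusting member checks only the server's signature (as the pseudocode says) and
// strips the contributor's unchecked; a non-trusting member checks the contributor's signature itself.
func Receive(member, server, contributor *Party, trusts bool, ct []byte) ([]byte, error) {
	pt, err := member.D(ct)
	if err != nil { return nil, err }
	if !trusts { return Verify(contributor.SigPub, pt) }
	if pt, err = Verify(server.SigPub, pt); err != nil { return nil, err }
	return pt[:len(pt)-ed25519.SignatureSize], nil
}
```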