[8177] in cryptography@c2.net mail archive
Re: Is PGP broken?
daemon@ATHENA.MIT.EDU (Bram Cohen)
Sun Dec 3 20:54:20 2000
Date: Sun, 3 Dec 2000 17:52:03 -0800 (PST)
From: Bram Cohen <bram@gawth.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Ian BROWN <I.Brown@cs.ucl.ac.uk>, cryptography@c2.net
In-Reply-To: <3A2ACA7E.A5DCAABA@algroup.co.uk>
Message-ID: <Pine.LNX.4.21.0012031750480.9756-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sun, 3 Dec 2000, Ben Laurie wrote:
> Bram Cohen wrote:
> >
> > Come to think of it, there are some tricky issues with regards to crypto
> > on mailing lists, it might make sense to have a
> > X-crypto-originator foo@bar.com line in the headers to specify that the
> > crypto information contained in that piece of mail applies to the address
> > foo@bar.com - otherwise there's no clear way of unraveling all the
> > possible mixes of from, to, and reply-to headers which could possibly be
> > sent to a mailing list.
>
> Umm. PGP keys are largely self-identifying, at least in this case. It
> wouldn't really matter how the short-lived key arrived, the fact that
> its signatory is the guy you are about to email is the interesting
> thing. Who cares who delivered it to you, or how?
If I recieve mail from a mailing list, it potentially might have info
about both how to encrypt mail sent to the sender, and how to encrypt mail
sent to the list - it really should be able to include both, and specify
which is which.
-Bram Cohen
[Personally, I'm not sure it is worthwhile worrying about how to
encrypt mail to a large mailing list -- a secret known by more than
a couple of people is never secret for long. Signatures on list mail
are another matter. --Perry]
