[HacktionLab] "secure email list services"
Martin
charlychemnitz at yahoo.de
Fri May 4 08:01:45 UTC 2012
Hi there,
I won't have time to prepare much, but perhaps somebody too is interested in
looking into:
http://sels.ncsa.illinois.edu/
Essentially, what it does is to provide GnuPG encrypted mailing lists.
Everybody who is on such a list with more than 5 people knows the pain:
everybody always needs to encrypt for everybody and things go wrong.
Proxy Re-Encryption to the rescue. The idea is that the sender encrypts to a
re-encryption key and the server transforms that encryption so that it
encrypts for every recipient *without* being able to decrypt the message. So
if the server gets seized/compromised no content is revealed. See:
http://sels.ncsa.illinois.edu/about.html
This idea was implemented for GnuPG and I'd be interested in checking out the
software to see how user friendly it is etc. (joining a list becomes more
difficult since there is some key negotiation to be done) The idea being to
eventually set-up this SELS thing as a service so it's easy for people to have
GnuPG encrypted mailing lists, i.e., mailing lists with end-to-end encryption
without relying on a trusted third server.
Cheers,
Martin
PS: The authors also wrote research papers which give a bit more in-depth
background:
http://sels.ncsa.illinois.edu/pub.html
More information about the HacktionLab
mailing list