[HacktionLab] "secure email list services"
Martin
charlychemnitz at yahoo.de
Fri May 4 10:51:36 UTC 2012
Hi,
(it seems) schleuder2 does not do proxy re-encryption, i.e., it *decrypts*
your messages and re-encrypts them for whoever is on the list. Hence, the
server sees the plaintext.
SELS does not do that, i.e,, you do not have to trust the server [1], it
cannot see the content of your message if GnuPG encryption algorithms are
secure. So its security guarantees are much stronger.
I guess it comes to down to two questions:
(a) Do you expect somebody to (physically, virtually, legally, etc.) kick in
the door of your server room to gain access to your server?
(b) Do you expect that the security of your list members' PCs is sufficiently
high, such that an adversary would attack your server instead of one of your
list members.
In any case, if SELS is user friendly enough it would be the preferable choice
as it rules out one attack vector.
On Friday 04 May 2012, Alan Dawson wrote:
> On Fri, May 04, 2012 at 10:01:45AM +0200, Martin wrote:
> > Hi there,
> >
> > I won't have time to prepare much, but perhaps somebody too is interested
> > in
> >
> > looking into:
> > http://sels.ncsa.illinois.edu/
>
> http://schleuder2.nadir.org/
>
> is another example of gpg mailing list software.
>
> It would be interesting to compare them.
>
> Regards,
>
> Alan Dawson
Cheers,
Martin
[1] Well, it could suppress messages, i.e., denial of service. But it cannot
compromise confidentiality.
More information about the HacktionLab
mailing list