[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On the security of e-mails


It would be useless to try and use SSL for debian-security, because it is
a publicly accessible list, which sort of defeats the purpose of SSL...



PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9

Version: 3.12
GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y

On Fri, 26 May 2000, Sergio Brandano wrote:

>  Alexander Hvostov wrote
> > ...Unless you encrypt to a public key belonging to everyone on the
> > mailing list, which certainly can be done, though this means
> > distributing the appropriate public/private key pair, so the keys
> > themselves would also have to be encrypted, probably to each
> > individual user.
> >
> > Of course, you could also implement something like a bulletin board
> > on HTTP over SSL instead... or maybe SMTP over SSL to each individual
> > list subscriber. (insecure; most subscribers don't run their own mail
> > server)
>  I have a comment on this, related to the never ending battle against
>  SPAM. Why is that mailing lists, that are open only to subscribers,
>  make public the content of thir messages (including addresses) on the
>  web? Yes, archiving. But that opens the way to address collection.
>  I like your proposal of using SSL for this list. And I think we
>  should give it a try.
>  Sergio

Reply to: