Re: On the security of e-mails

To: Daniel Taylor <dante@plethora.net>
Cc: Sergio Brandano <sb@dcs.qmw.ac.uk>, debian-security@lists.debian.org
Subject: Re: On the security of e-mails
From: Alexander Hvostov <vulture@aoi.dyndns.org>
Date: Fri, 26 May 2000 00:22:50 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.21.0005260020170.7813-100000@cornerstone.core.aoi>
In-reply-to: <[🔎] Pine.LNX.4.10.10005250911260.4420-100000@cu.mol.plethora.net>

Daniel,

...Unless you encrypt to a public key belonging to everyone on the mailing
list, which certainly can be done, though this means distributing the
appropriate public/private key pair, so the keys themselves would also
have to be encrypted, probably to each individual user.

Of course, you could also implement something like a bulletin board on
HTTP over SSL instead... or maybe SMTP over SSL to each individual list
subscriber. (insecure; most subscribers don't run their own mail server)

Regards,

Alex.

---
PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
------END GEEK CODE BLOCK------

On Thu, 25 May 2000, Daniel Taylor wrote:

> The closest reliable method in that area is PGP encryption
> of e-mail.  In theory only those people who have the message
> signed with their public key will be able to read it.
> 
> In practice I haven't heard otherwise.
> 
> The only place where it isn't appropriate to encrypt (maybe only sign)
> is on public mailing lists.
> 
> Daniel Taylor                Embedded and custom Linux integration.
> dante@plethora.net           (612)747-1609
> 
> On Thu, 25 May 2000, Sergio Brandano wrote:
> 
> > 
> >  I would like to raise the problem of the security of electronic
> >  mail. The problem popped into my mind a while ago, while reading
> >  about Italian legislation on the privacy and, in particular, of
> >  paper mail. I always wanted to draw the issue to the attention of the
> >  ``hi spheres'', but I am now in the UK, and the whole thing went into
> >  the limbo. The problem is simply as follows: there is no legislation
> >  that enforces the privacy of electronic mail. On the practical side,
> >  there is no software method currently implemented at large that
> >  allows the receiver, and only the receiver, to read his/her own mail.
> >  The secure transmission of mail is part of the whole process.
> >  The similar issue can easily be extended to the Internet, where sites
> >  (from the very client to the very server) can record your preferences,
> >  as if there were a big brother that spies on you and writes all down.
> >  An immediate consequence of it are all the SPAM mail selling
> >  financial services...
> > 
> >  Sergio
> > 
> > 
> > --  
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > 
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Follow-Ups:
- Re: On the security of e-mails
  - From: Sergio Brandano <sb@dcs.qmw.ac.uk>

References:
- Re: On the security of e-mails
  - From: Daniel Taylor <dante@plethora.net>

Prev by Date: Re: On the security of e-mails
Next by Date: Re: On the security of e-mails
Previous by thread: Re: On the security of e-mails
Next by thread: Re: On the security of e-mails
Index(es):
- Date
- Thread