On Wednesday 04 July 2007, Alex Daniloff wrote:
> You're missing this point:
> 4. When the Mail Server receives a message encrypted with subscriber's private key, it decrypts it using existing subscriber's private key stored in SQL database. Then the Mail Server encrypts this message with the Mailing List public encryption key and distributes it to all other Mailing List subscribers.
I understood exactly what you said. But giving one's private key to anyone else (the mail server) is insecure. If asked to load my private key to any mail server I would be looking for a different list.

As for the outbound, if you encrypt with the mailing list PUBLIC key then everybody would need the mailing list PRIVATE key to decrypt it. You are doing this (or at least explaining it) exactly backward of how public key encryption is supposed to work.

If you want list outbound traffic encrypted the server needs to store each user's PUBLIC key and encrypt each outbound message with the key specific to the user. If list inbound traffic is to be encrypted, then subscribers should encrypt with the list server's PUBLIC key.

Any plan you cook up which requires sharing anyone's PRIVATE key is just wrong from the get go. If you can't understand that, don't come here asking for help and suggestions about how to compromise public key encryption standards.

--
_____________________________________
John Andersen
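The key flow described in the reply above, as an added example that is not part of the original message: subscribers encrypt inbound mail to the list's public key, and the server re-encrypts one copy per recipient under that recipient's public key. Toy textbook RSA on fixed Mersenne primes stands in for OpenPGP so it runs offline; `ListServer`, the addresses and the message are hypothetical.

```python
# Added illustration. Toy textbook RSA (fixed Mersenne primes, no padding)
# stands in for OpenPGP so the key flow runs offline. Never use it for real mail.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def encrypt(public, message):
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class ListServer:
    """Holds its own private key and only the PUBLIC keys of subscribers."""
    def __init__(self, p, q):
        self.public, self._private = make_keypair(p, q)
        self.subscriber_public = {}          # address -> public key

    def subscribe(self, address, public_key):
        self.subscriber_public[address] = public_key

    def distribute(self, sender, ciphertext):
        # Inbound: decrypt with the LIST private key (never a subscriber's).
        plaintext = decrypt(self._private, ciphertext)
        # Outbound: one copy per recipient, under that recipient's public key.
        return {addr: encrypt(pub, plaintext)
                for addr, pub in self.subscriber_public.items() if addr != sender}

# Constructed sample parties and message (hypothetical addresses).
MESSAGE = b"meet at noon"
server = ListServer(2**521 - 1, 2**607 - 1)
alice_pub, alice_priv = make_keypair(2**1279 - 1, 2**2203 - 1)
bob_pub, bob_priv = make_keypair(2**107 - 1, 2**127 - 1)
carol_pub, carol_priv = make_keypair(2**61 - 1, 2**89 - 1)
for addr, pub in [("alice@example.org", alice_pub), ("bob@example.org", bob_pub),
                  ("carol@example.org", carol_pub)]:
    server.subscribe(addr, pub)              # private keys stay with their owners

# Alice sends: she only needs the list's public key.
copies = server.distribute("alice@example.org", encrypt(server.public, MESSAGE))
```

Each recipient opens only their own copy with their own private key; the server's database never contains anything that could decrypt a subscriber's mail.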