[Meta] Mailing list suggestion: PGP encryption


[Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.
There should be a way to configure the mailing list to encrypt mailing
list messages (preferably with multiple keys, as ppl tend to have
multiple devices, or even multiple keys per device for anonymization
purposes). There should be a way to configure the mailing list to
decrypt mailing list messages (this one could use one mailing list key
for all senders altho ideally at least one key per sender would be
best). These would allow mailing list subscribers to opt-out of
"external sender" in subject lines, increasing the list's
signal-to-noise ratio by eliminating noise. (We don't know of any
mailing list software that supports PGP tho, but we do get slightly
annoyed by this stuff.)

Re: [Meta] Mailing list suggestion: PGP encryption

Gé Weijers
On Tue, Nov 17, 2020 at 4:35 AM Soni "They/Them" L. <[hidden email]> wrote:

>
> There should be a way to configure the mailing list to encrypt mailing
> list messages (preferably with multiple keys, as ppl tend to have
> multiple devices, or even multiple keys per device for anonymization
> purposes). There should be a way to configure the mailing list to
> decrypt mailing list messages (this one could use one mailing list key
> for all senders altho ideally at least one key per sender would be
> best). These would allow mailing list subscribers to opt-out of
> "external sender" in subject lines, increasing the list's
> signal-to-noise ratio by eliminating noise. (We don't know of any
> mailing list software that supports PGP tho, but we do get slightly
> annoyed by this stuff.)

The "[EXTERNAL SENDER]" stuff is added by an employer's mail system
(or a service provider on their behalf), it's intended to make
phishing harder by notifying the recipient that the email originated
from outside the company, there's not a whole lot you can do about
that in mailing list software. I get those at my place of work.

I don't see how encryption (PGP/GPG or otherwise) is relevant here,
this is a public mailing list. Signing messages would make more sense,
but there is no reliable certificate distribution system that can't be
subverted by "public/private partnerships" (i.e. criminals that
cooperate with intelligence agencies at times) that perform many of
the phishing attacks these days.


Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-17 2:09 p.m., Gé Weijers wrote:

> On Tue, Nov 17, 2020 at 4:35 AM Soni "They/Them" L. <[hidden email]> wrote:
> >
> > There should be a way to configure the mailing list to encrypt mailing
> > list messages (preferably with multiple keys, as ppl tend to have
> > multiple devices, or even multiple keys per device for anonymization
> > purposes). There should be a way to configure the mailing list to
> > decrypt mailing list messages (this one could use one mailing list key
> > for all senders altho ideally at least one key per sender would be
> > best). These would allow mailing list subscribers to opt-out of
> > "external sender" in subject lines, increasing the list's
> > signal-to-noise ratio by eliminating noise. (We don't know of any
> > mailing list software that supports PGP tho, but we do get slightly
> > annoyed by this stuff.)
>
> The "[EXTERNAL SENDER]" stuff is added by an employer's mail system
> (or a service provider on their behalf), it's intended to make
> phishing harder by notifying the recipient that the email originated
> from outside the company, there's not a whole lot you can do about
> that in mailing list software. I get those at my place of work.
>
> I don't see how encryption (PGP/GPG or otherwise) is relevant here,
> this is a public mailing list. Signing messages would make more sense,
> but there is no reliable certificate distribution system that can't be
> subverted by "public/private partnerships" (i.e. criminals that
> cooperate with intelligence agencies at times) that perform many of
> the phishing attacks these days.
>

PGP would help because it would look as sent from the list to any email
software snooping in the middle.

Instead, the actual headers and message would be encrypted, only for the
user to see. In other words, completely evading the MITM.

We don't need certificate distribution. Just log in to the list web
interface and paste your public keys there, etc.

Re: [Meta] Mailing list suggestion: PGP encryption

Russell Haley
In reply to this post by Gé Weijers


On Tue, Nov 17, 2020 at 9:11 AM Gé Weijers <[hidden email]> wrote:
> On Tue, Nov 17, 2020 at 4:35 AM Soni "They/Them" L. <[hidden email]> wrote:
> >
> > There should be a way to configure the mailing list to encrypt mailing
> > list messages (preferably with multiple keys, as ppl tend to have
> > multiple devices, or even multiple keys per device for anonymization
> > purposes). There should be a way to configure the mailing list to
> > decrypt mailing list messages (this one could use one mailing list key
> > for all senders altho ideally at least one key per sender would be
> > best). These would allow mailing list subscribers to opt-out of
> > "external sender" in subject lines, increasing the list's
> > signal-to-noise ratio by eliminating noise. (We don't know of any
> > mailing list software that supports PGP tho, but we do get slightly
> > annoyed by this stuff.)
>
> The "[EXTERNAL SENDER]" stuff is added by an employer's mail system
> (or a service provider on their behalf), it's intended to make
> phishing harder by notifying the recipient that the email originated
> from outside the company, there's not a whole lot you can do about
> that in mailing list software. I get those at my place of work.
>
> I don't see how encryption (PGP/GPG or otherwise) is relevant here,
> this is a public mailing list. Signing messages would make more sense,
> but there is no reliable certificate distribution system that can't be
> subverted by "public/private partnerships" (i.e. criminals that
> cooperate with intelligence agencies at times) that perform many of
> the phishing attacks these days.

But PGP *does* do clear text signing?  You run pgp over the message and it produces a hash that can be verified with a public key. That isn't something the server would do though, that would be something that a user does prior to sending the message, including the message hash. I am pretty sure GNUPGP also contains server software for distributing public keys. The problem with this is that the burden is on the users to A) Use it and B) Use it correctly, consistently.

I suppose if you wanted to verify the *mail server*, you could write a mime service that hashes all the messages that it receives (with its private key) and includes the hash in the mime header? The public key could be distributed via a webpage for people that care?

Russ


Re: [Meta] Mailing list suggestion: PGP encryption

Viacheslav Usov
In reply to this post by Soni "They/Them" L.
On Tue, Nov 17, 2020 at 1:34 PM Soni "They/Them" L. <[hidden email]> wrote:
>
> There should be a way to configure the mailing list to encrypt mailing
> list messages

Encryption in the strict sense of the word makes no sense for a public
mailing list, where all messages are relayed to anyone who cares to
subscribe.

If that word was used as a shorthand for "cryptographically-strong
message authentication", then, again, for a public mailing list where
essentially anyone can join and post messages to, this would be of
very limited use. I would not know that Soni "They/Them" L.
<[hidden email]> is any better than Soni "They/Them" L.
<[hidden email]>.

Finally, message authentication is hard for a mailing list and may
seem too much to worry about or be impossible to comply with for its
members. Gmail does message authentication for me, and it routinely
classifies messages of at least one long-term list member as spam. The
member is aware of that, but is unable or unwilling to change that.
(This is not a complaint, just an illustration.)

Cheers,
V.

Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-18 6:32 a.m., Viacheslav Usov wrote:

> On Tue, Nov 17, 2020 at 1:34 PM Soni "They/Them" L. <[hidden email]> wrote:
> >
> > There should be a way to configure the mailing list to encrypt mailing
> > list messages
>
> Encryption in the strict sense of the word makes no sense for a public
> mailing list, where all messages are relayed to anyone who cares to
> subscribe.
>
> If that word was used as a shorthand for "cryptographically-strong
> message authentication", then, again, for a public mailing list where
> essentially anyone can join and post messages to, this would be of
> very limited use. I would not know that Soni "They/Them" L.
> <[hidden email]> is any better than Soni "They/Them" L.
> <[hidden email]>.

Encryption in the strict sense makes sense if your threat model is gmail
but not the list server.

>
> Finally, message authentication is hard for a mailing list and may
> seem too much to worry about or be impossible to comply with for its
> members. Gmail does message authentication for me, and it routinely
> classifies messages of at least one long-term list member as spam. The
> member is aware of that, but is unable or unwilling to change that.
> (This is not a complaint, just an illustration.)

Case in point.

>
> Cheers,
> V.

Re: [Meta] Mailing list suggestion: PGP encryption

Viacheslav Usov
On Wed, Nov 18, 2020 at 12:54 PM Soni "They/Them" L. <[hidden email]> wrote:

> Encryption in the strict sense makes sense if your threat model is gmail
> but not the list server.

Unless you specify exactly what your threat model is, we can argue forever.

> Case in point.

Your threat model is Gmail's spam classification of messages coming
from the list members who cannot (be bothered to) comply with
DKIM/DMARC/SPF, and your response is forcing those same members to
comply with an additional crypto system, which would magically
exonerate them from still having their messages to comply with
DKIM/DMARC/SPF?

Cheers,
V.

Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-18 9:21 a.m., Viacheslav Usov wrote:

> On Wed, Nov 18, 2020 at 12:54 PM Soni "They/Them" L. <[hidden email]> wrote:
>
> > Encryption in the strict sense makes sense if your threat model is gmail
> > but not the list server.
>
> Unless you specify exactly what your threat model is, we can argue forever.
>
> > Case in point.
>
> Your threat model is Gmail's spam classification of messages coming
> from the list members who cannot (be bothered to) comply with
> DKIM/DMARC/SPF, and your response is forcing those same members to
> comply with an additional crypto system, which would magically
> exonerate them from still having their messages to comply with
> DKIM/DMARC/SPF?

No. The list would use PGP, between the list and you. The sender
wouldn't have to worry about it.

Gmail would only see all the messages as coming from the list and being
encrypted.

> Cheers,
> V.

Re: [Meta] Mailing list suggestion: PGP encryption

Viacheslav Usov
On Wed, Nov 18, 2020 at 1:34 PM Soni "They/Them" L. <[hidden email]> wrote:

> No. The list would use PGP, between the list and you. The sender
> wouldn't have to worry about it.
>
> Gmail would only see all the messages as coming from the list and being
> encrypted.

This will address the DKIM/DMARC/SPF verification problem only if the
incompliant sender's identity (in the headers) is completely replaced
by a compliant identity. But this is by itself sufficient to address
the problem, no additional crypto scheme is needed.

Cheers,
V.
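
The header replacement described in the message above, as an added example that is not part of the thread or of any mailing list software: the list puts its own address in From, so the receiving provider evaluates DMARC against the list's domain instead of the author's. The list address, function names and sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import formataddr, parseaddr

# Assumed list identity (hypothetical; the domain is not taken from the thread).
LIST_NAME = "lua-l"
LIST_ADDR = "lua-l@lists.example.org"

# Constructed sample post from an author whose domain publishes a DMARC policy.
SAMPLE = (
    "From: Alice Example <alice@sender.example>\n"
    "To: lua-l@lists.example.org\n"
    "Subject: Re: [Meta] Mailing list suggestion\n"
    "DKIM-Signature: v=1; d=sender.example; s=constructed; b=AAAA\n"
    "\n"
    "Body text.\n"
)


def from_domain(raw: str) -> str:
    """Domain of the RFC 5322 From header, the identity DMARC evaluates."""
    msg = message_from_string(raw, policy=policy.default)
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()


def dmarc_aligned(raw: str, authenticated_domain: str) -> bool:
    """Strict alignment only: the From domain must equal the domain that
    passed SPF or DKIM. Relaxed (organizational-domain) alignment is omitted."""
    return from_domain(raw) == authenticated_domain.lower()


def rewrite_for_list(raw: str) -> str:
    """Replace the author's identity in From with the list's own address."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    # Keep the author reachable for direct replies.
    if msg["Reply-To"] is None:
        msg["Reply-To"] = formataddr((name, addr))
    del msg["From"]  # policy.default allows only one From header
    msg["From"] = formataddr((f"{name or addr} via {LIST_NAME}", LIST_ADDR))
    # The author's signature covered the old From and no longer verifies.
    del msg["DKIM-Signature"]
    return msg.as_string()


if __name__ == "__main__":
    list_domain = LIST_ADDR.rpartition("@")[2]
    # The list relays the post, so SPF/DKIM can only pass for the list's domain.
    print("as posted :", dmarc_aligned(SAMPLE, list_domain))
    print("rewritten :", dmarc_aligned(rewrite_for_list(SAMPLE), list_domain))
```
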

Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-18 11:14 a.m., Viacheslav Usov wrote:

> On Wed, Nov 18, 2020 at 1:34 PM Soni "They/Them" L. <[hidden email]> wrote:
>
> > No. The list would use PGP, between the list and you. The sender
> > wouldn't have to worry about it.
> >
> > Gmail would only see all the messages as coming from the list and being
> > encrypted.
>
> This will address the DKIM/DMARC/SPF verification problem only if the
> incompliant sender's identity (in the headers) is completely replaced
> by a compliant identity. But this is by itself sufficient to address
> the problem, no additional crypto scheme is needed.
>
> Cheers,
> V.

The encryption additionally prevents:

- gmail replacing/MITMing embedded links
- gmail adding EXTERNAL SENDER to subject lines

among other things. All of them things that happen today.

Those things are great for non-mailing-list emails but for mailing lists
it's just insufferable. Anti-spam is great but we need anti-anti-spam if
we want mailing lists to survive into the next 10 years.

Re: [Meta] Mailing list suggestion: PGP encryption

Francisco Olarte
Soni:

On Wed, Nov 18, 2020 at 3:36 PM Soni "They/Them" L. <[hidden email]> wrote:
...
> The encryption additionally prevents:
> - gmail replacing/MITMing embedded links
> - gmail adding EXTERNAL SENDER to subject lines

Are you sure it is gmail doing that? I read the list on it and do not
recall seeing that. Not the external sender.

The links also come right. Certainly my MUA (gmail web interface )
RENDERS them as links popping up, but this is my problem and I can
easily avoid it, gmail per se sends raw text to me if I ask for it.

Francisco Olarte.

Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-18 1:31 p.m., Francisco Olarte wrote:

> Soni:
>
> On Wed, Nov 18, 2020 at 3:36 PM Soni "They/Them" L. <[hidden email]> wrote:
> ...
> > The encryption additionally prevents:
> > - gmail replacing/MITMing embedded links
> > - gmail adding EXTERNAL SENDER to subject lines
>
> Are you sure it is gmail doing that? I read the list on it and do not
> recall seeing that. Not the external sender.
>
> The links also come right. Certainly my MUA (gmail web interface )
> RENDERS them as links popping up, but this is my problem and I can
> easily avoid it, gmail per se sends raw text to me if I ask for it.
>
> Francisco Olarte.

gmail for corporate (aka gsuite) can do both those things if configured
to do so, and so can various other email server software. it may not be
a problem for you, specifically, but that doesn't mean it's not a
problem for other users. and we can give those users a way around it, if
we add PGP to the mailing list software.

Re: [Meta] Mailing list suggestion: PGP encryption

Francisco Olarte
Soni:

On Wed, Nov 18, 2020 at 5:47 PM Soni "They/Them" L. <[hidden email]> wrote:

> On 2020-11-18 1:31 p.m., Francisco Olarte wrote:
> > Are you sure it is gmail doing that? I read the list on it and do not
> > recall seeing that. Not the external sender.
> > The links also come right. Certainly my MUA (gmail web interface )
> > RENDERS them as links popping up, but this is my problem and I can
> > easily avoid it, gmail per se sends raw text to me if I ask for it.
> gmail for corporate (aka gsuite) can do both those things if configured
> to do so, and so can various other email server software. it may not be
> a problem for you, specifically, but that doesn't mean it's not a
> problem for other users. and we can give those users a way around it, if
> we add PGP to the mailing list software.

Sorry if it seems obtuse, but english is not my native language and
sometimes I do not parse things right. When you say it can do both
those things you mean it can ADD the external sender/redirected links
or REMOVE them?


Francisco Olarte.

Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-18 2:07 p.m., Francisco Olarte wrote:

> Soni:
>
> On Wed, Nov 18, 2020 at 5:47 PM Soni "They/Them" L. <[hidden email]> wrote:
> > On 2020-11-18 1:31 p.m., Francisco Olarte wrote:
> > > Are you sure it is gmail doing that? I read the list on it and do not
> > > recall seeing that. Not the external sender.
> > > The links also come right. Certainly my MUA (gmail web interface )
> > > RENDERS them as links popping up, but this is my problem and I can
> > > easily avoid it, gmail per se sends raw text to me if I ask for it.
> > gmail for corporate (aka gsuite) can do both those things if configured
> > to do so, and so can various other email server software. it may not be
> > a problem for you, specifically, but that doesn't mean it's not a
> > problem for other users. and we can give those users a way around it, if
> > we add PGP to the mailing list software.
>
> Sorry if it seems obtuse, but english is not my native language and
> sometimes I do not parse things right. When you say it can do both
> those things you mean it can ADD the external sender/redirected links
> or REMOVE them?

gsuite can receive emails with external links.

gsuite can be configured to turn said links into MITM links.

gsuite can add "EXTERNAL SENDER" to subject lines.

when drafting replies, the reply will be sent with gsuite's MITM and
EXTERNAL SENDER subject lines, unless the user manually replaces them to
their original form.

PGP prevents gsuite from doing those, so the user wouldn't have to
manually replace anything.

>
>
> Francisco Olarte.

Re: [Meta] Mailing list suggestion: PGP encryption

Francisco Olarte
Soni:

On Wed, Nov 18, 2020 at 6:32 PM Soni "They/Them" L. <[hidden email]> wrote:

> On 2020-11-18 2:07 p.m., Francisco Olarte wrote:
> > On Wed, Nov 18, 2020 at 5:47 PM Soni "They/Them" L. <[hidden email]> wrote:
> > > On 2020-11-18 1:31 p.m., Francisco Olarte wrote:
> > > > Are you sure it is gmail doing that? I read the list on it and do not
> > > > recall seeing that. Not the external sender.
> > > > The links also come right. Certainly my MUA (gmail web interface )
> > > > RENDERS them as links popping up, but this is my problem and I can
> > > > easily avoid it, gmail per se sends raw text to me if I ask for it.
> > > gmail for corporate (aka gsuite) can do both those things if configured
> > > to do so, and so can various other email server software. it may not be
> > > a problem for you, specifically, but that doesn't mean it's not a
> > > problem for other users. and we can give those users a way around it, if
> > > we add PGP to the mailing list software.
> >
> > Sorry if it seems obtuse, but english is not my native language and
> > sometimes I do not parse things right. When you say it can do both
> > those things you mean it can ADD the external sender/redirected links
> > or REMOVE them?

> gsuite can receive emails with external links.
> gsuite can be configured to turn said links into MITM links.
> gsuite can add "EXTERNAL SENDER" to subject lines.
>
> when drafting replies, the reply will be sent with gsuite's MITM and
> EXTERNAL SENDER subject lines, unless the user manually replaces them to
> their original form.

Ok, I understand. I use gsuite ( It has a banner as such on TRC ), but
seems I have not bothered to make those changes.

> PGP prevents gsuite from doing those, so the user wouldn't have to
> manually replace anything.

Correct me if I'm wrong, but if you are using Gsuite by choice you can
configure it to not do it. And if it is given to you by our employer,
as is my case, it does not seem right to bypass the way he has
configured it to work ( so, if you use lua-l for work just leave it as
is, if you use it personally just use another mail service to
subscribe ).

I do not think PGP is going to do any good for that. But I'm not too
familiar using it with mail, so as long as it is optional, no problem
with it. But, as somebody pointed out, public mailing lists are a
problem. I just assume anyone can post anything and read everything
and just go ahead.

FOS.


>
> >
> >
> > Francisco Olarte.

Re: [Meta] Mailing list suggestion: PGP encryption

Soni "They/Them" L.


On 2020-11-18 2:40 p.m., Francisco Olarte wrote:

> Soni:
>
> On Wed, Nov 18, 2020 at 6:32 PM Soni "They/Them" L. <[hidden email]> wrote:
>
> > gsuite can receive emails with external links.
> > gsuite can be configured to turn said links into MITM links.
> > gsuite can add "EXTERNAL SENDER" to subject lines.
> >
> > when drafting replies, the reply will be sent with gsuite's MITM and
> > EXTERNAL SENDER subject lines, unless the user manually replaces them to
> > their original form.
>
> Ok, I understand. I use gsuite ( It has a banner as such on TRC ), but
> seems I have not bothered to make those changes.
>
> > PGP prevents gsuite from doing those, so the user wouldn't have to
> > manually replace anything.
>
> Correct me if I'm wrong, but if you are using Gsuite by choice you can
> configure it to not do it. And if it is given to you by our employer,
> as is my case, it does not seem right to bypass the way he has
> configured it to work ( so, if you use lua-l for work just leave it as
> is, if you use it personally just use another mail service to
> subscribe ).
>
> I do not think PGP is going to do any good for that. But I'm not too
> familiar using it with mail, so as long as it is optional, no problem
> with it. But, as somebody pointed out, public mailing lists are a
> problem. I just assume anyone can post anything and read everything
> and just go ahead.

It is not about who can read it, but about who can modify it.

And yes, PGP is optional.

>
> FOS.
>
>
> >
> > >
> > >
> > > Francisco Olarte.