key management for security@gnupg.org
Open, Wishlist, Public

Description

Have a way to reencrypt mail addressed to security@gnupg.org to allow multiple recipients that are unknown to the sender. Maybe use schleuder or neal's solution.

marcus created this task. Apr 10 2017, 10:17 AM
neal added a comment. Apr 12 2017, 10:26 AM

There is a prototype implementation in the branch neal/encrypted-mailing-lists . A paper describing the design is at: ftp://ftp.gnupg.org/people/neal/openpgp-mailing-lists.pdf . The design was reviewed by Matt Green and DKG. DKG suggested using a slightly different OpenPGP construct (specifically, using user attribute packets instead of my encrypted subkey hack).

werner added a subscriber: werner. Jun 2 2017, 9:19 AM

Another option is to distribute the secret subkey to all hackers who need to be able to read that. We won't need any backward security due to our transparency goal. At the time we add a new hacker to the list we can simply create a new subkey. With the extended private key format we would also have a method to add information to the secret key, so that we can track who got one.

werner triaged this task as Wishlist priority. Jun 7 2017, 1:13 PM