I recently needed to have a way for a group of people to send encrypted messages to each other. Regular PGP is designed for one-to-one communication, so this is a bit of a tricky problem. Multiple strategies are possible, but they all involve some kind of trade-off in regards to security or practical feasibility.
One option is to use a secret key which is shared by all members. The benefit of this model is that it provides proper end-to-end encryption. The drawback is the practical problem of securely distributing the shared secret. If there is geographical separation and few other secure channels, this can be a very difficult problem. What happens if you need to revoke access for one of the members - do you create a new secret and go through the process of securely distributing it to everyone again?
The second option is to have users encrypt messages with a special public key, the list key. The list server receives messages, decrypts them with the private list key and immediately re-encrypts them with the public key of each member of the group. One benefit of this approach is that key management is a non-issue (same as normal PGP mail). The drawback is that messages will be decrypted and at some point held in cleartext before reaching the recipients. So there is not end-to-end encryption - in effect, the server does a benevolent version of a man-in-the-middle attack.
The drawback of the first option is huge - I don't think I could convince anyone to participate in my mailing lists if they were so cumbersome to manage. The drawback of the second option on the other hand is rather limited. Temporarily decrypted messages need only be stored in RAM, and never for more than a few seconds. Given that we have some degree of trust in the list server, this is probably not one of our primary security concerns.
With this decision made, I started looking for specific software to use. I quickly found a very nice open source project called Schleuder (meaning 'slingshot' in German), which had exactly the features I was looking for, a few little extras that I hadn't thought of but liked, and basically nothing else - perfect! And when I downloaded the source I got another nice surprise: Schleuder is written in Ruby which happens to be my weapon of choice for everyday scripting.
Thus began my love affair with Schleuder. About a week later it was consummated when I had a server set up and could start playing around with encrypted lists. So far there are a couple of small groups keeping in touch through the Schleuder lists on my server, and I'm working on getting more people to start using encryption and joining lists. I have also written my first Schleuder plugin and hopefully I will find the time to write a few more.
Some of the extra features that Schleuder comes with:
- Anonymous remailer. Lists can act as mail gateways for groups, exchanging mail with any external address. Might be useful e.g. for info-type addresses or for anonymity purposes.
- Lists are to a large extent managed by sending text commands in emails to the list server. Commands include things like adding new members, listing current members, requesting a specific public key etc.
- Flexible plugin system, which has worked without a hitch for me. Very easy to create new mail based commands. My first plugin experiment was a mail based web browser.
For more information about Schleuder, check out the project web site. And by all means, if you are interested in this kind of thing and want to share your thoughts, please send me an email. To anyone interested in having an encrypted mailing list for some project or just messing around, let me know and I will create a list for you on my server. The only requirement is that you are able to send and receive PGP encrypted mail.