Gnupg good for big groups?

Dirk Walter dirk.walter at semanticbits.com
Wed Aug 4 16:32:22 CEST 2010


> There are mailing list managers that support encrypted mailing lists --
> i.e. you encrypt the message to the list bot, and the bot reencrypts to
> the then-current set of recipients. That doesn't solve your archive
> problem though, and the revocation issue is unsolvable with any crypto
> framework.

I disagree with you there. As long as the archive is large enough that
a person could not read it all, there are sensible reasons to lock out
people, say an archive of internal company documents. You want to lock
out employees that leave; sure, they might still have copies of the
documents, but the damage is limited if they can't get more to
deliberately do damage. You could probably implement access control
using a quorum-type key setup where multiple parties need to agree to
a decryption before it can happen, but I can't think of any such key
schema that would allow you to change users dynamically, and it also
doesn't really conform to your use case.

That said, access control is not usually solved by crypto, and this is
not a case where I would use GnuPG; all it can realistically add is
transport-level security. Your solution of using a service to provide
the data after checking for access is probably the right one.



More information about the Gnupg-users mailing list