like in PGP, you would use a session key: symmetric encryption of the thread, then encrypt that symmetric key once for every thread- or forum member. you can only add people to this; to remove people from a thread you would need to send the remaining people a new session key. that's the rough idea we have, we are still waiting for someone to implement a research app so we can test how well this works.
