[Cryptography] Dark Mail Alliance specs?
James A. Donald
jamesd at echeque.com
Sat Nov 23 15:33:57 EST 2013
On 2013-11-23 22:30, Ralf Senderek wrote:
> Yes, but it's about time we do something about that. Do we *exactly know
> why* it is such a failure?
Key management.
Need no-click key management.
Assume that secure email/IM addresses look like user#example.com.
(Since we are breaking compatibility, we need to distinguish our addresses.)
The user#example.com logs on to the mail transport agent at example.com
using a zero-knowledge password protocol.
This generates a transient shared secret between the client and the mail
transport agent, which changes every logon, and also generates a durable
client secret, which depends on a strong per-client secret maintained by
the mail transport agent and the user password.
If the user password is weak, whoever controls example.com can find it
by dictionary attack, and thus find the durable client secret, but no
one else can, except they first attack the mail transport agent on
example.com.
If the end user is exceptionally paranoid, he uses a strong password or
makes sure he controls example.com.
The durable client secret gives rise to a durable client public key,
which is published by example.com.
The corresponding client secret key is recreated every logon, and, all
being well, is known only to the client.
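
The durable-key derivation described in the message above, sketched as an added example that is not part of the original post: a blinded exponentiation stands in for the "zero knowledge password protocol", and the group, hash labels and function names are all assumptions. The parameters are toy values for illustration, and the transient per-logon shared secret is not modelled.

```python
import hashlib
import math
import secrets

# Toy parameters for illustration only: P is prime, so Z_P^* has order P - 1.
P = 2**255 - 19
G = 2

def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha512(b"\x00".join(parts)).digest(), "big")

def hash_to_group(password: str) -> int:
    return 1 + _h(b"h2g", password.encode()) % (P - 1)   # value in [1, P-1]

def new_server_secret() -> int:
    """Strong per-client secret k held by the mail transport agent."""
    return 1 + secrets.randbelow(P - 2)

def derive_keypair(password: str, hk: int) -> tuple[int, int]:
    """Durable client secret from password and H(pw)^k; public key is G^sk."""
    sk = _h(b"durable", password.encode(), hk.to_bytes(32, "big")) % (P - 1)
    return sk, pow(G, sk, P)

def client_blind(password: str) -> tuple[int, int]:
    while True:  # r must be invertible modulo the group order
        r = secrets.randbelow(P - 1)
        if r > 1 and math.gcd(r, P - 1) == 1:
            return r, pow(hash_to_group(password), r, P)

def server_evaluate(k: int, blinded: int) -> int:
    return pow(blinded, k, P)   # the server only ever sees the blinded value

def client_finish(password: str, r: int, evaluated: int) -> tuple[int, int]:
    hk = pow(evaluated, pow(r, -1, P - 1), P)   # strip r, leaving H(pw)^k
    return derive_keypair(password, hk)

def logon(password: str, k: int):
    """One logon: returns ((secret key, public key), blinded value sent)."""
    r, blinded = client_blind(password)
    return client_finish(password, r, server_evaluate(k, blinded)), blinded

def operator_can_confirm(guess: str, k: int, published_pub: int) -> bool:
    """Whoever holds k can test a password guess against the published key."""
    hk = pow(hash_to_group(guess), k, P)
    return derive_keypair(guess, hk)[1] == published_pub
```

Each logon sends a different blinded value yet recreates the same key pair, and only a party holding k can check password guesses offline against the published public key.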