public-key: the wrong model for email?

Ian Grigg iang at
Fri Sep 17 14:35:09 EDT 2004

lrk wrote:

> Perhaps it is time to define an e-mail definition of crypto to keep the
> "postman" from reading the "postcards". That should be easy enough to
> implement for the average user and provide some degree of privacy for
> their mail. Call it "envelopes" rather than "crypto". Real security 
> requires more than a Windoz program.

Oh, that's really easy.  Each mailer (MUA) should (on
install) generate a self-signed cert.  Stick the fingerprint
in the headers of every mail going out.  An MUA that sees
the fingerprint in an incoming mail can send a request email
to acquire the full key.  Or stick the entire cert in there,
it's not as if anyone would care.

Then each MUA can start encrypting to that key opportunistically.

Lots of variations.  But the key thing is that the MUA
should simply generate the key, sign it, and send it out
on demand, or more frequently.  There's really no reason
why this can't all be automated.  After all, the existing
email system is automated, and trusted well enough to
deliver email, so why can't it deliver self-signed certs?
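
A sketch of the receiving MUA's bookkeeping for the scheme described in the message above, added here as an illustration and not code from the original post. The header name `X-Key-Fingerprint`, the use of SHA-256, the state names, the `KeyCache` class and the refusal to silently replace a changed fingerprint are all assumptions; the certificate bytes are constructed stand-ins.

```python
import hashlib
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

FP_HEADER = "X-Key-Fingerprint"  # hypothetical header name (assumption)

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class KeyCache:
    """Receiver side: what the MUA remembers about each correspondent."""
    def __init__(self):
        self.seen = {}   # address -> first fingerprint advertised
        self.certs = {}  # address -> cert bytes that matched that fingerprint

    def on_incoming(self, raw: str) -> str:
        msg = message_from_string(raw, policy=policy.default)
        sender = parseaddr(str(msg["From"]))[1].lower()
        fp = msg[FP_HEADER]
        if fp is None:
            return "no-key"                  # peer is not advertising a key
        fp = str(fp).strip().lower()
        known = self.seen.setdefault(sender, fp)
        if known != fp:
            return "key-changed"             # assumption: never replace silently
        return "encrypt" if sender in self.certs else "request-key"

    def on_key_reply(self, sender: str, cert_der: bytes) -> bool:
        """Accept a delivered cert only if it hashes to the advertised value."""
        if self.seen.get(sender.lower()) != fingerprint(cert_der):
            return False
        self.certs[sender.lower()] = cert_der
        return True

def demo():
    # Constructed stand-ins for DER certificate bytes, not real certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    def mail(cert):
        m = EmailMessage()
        m["From"] = "Alice <alice@example.org>"
        m[FP_HEADER] = fingerprint(cert)     # sender side: stamp every mail
        m.set_content("hello")
        return m.as_string()
    cache = KeyCache()
    a = "alice@example.org"
    return [cache.on_incoming(mail(cert_a)), cache.on_key_reply(a, cert_b),
            cache.on_key_reply(a, cert_a), cache.on_incoming(mail(cert_a)),
            cache.on_incoming(mail(cert_b))]
```

The first sighting of a fingerprint is taken on trust from whatever the mail path delivered, so the check in `on_key_reply` only binds the delivered cert to that first header, not to the person.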

