[Cryptography] Good private email
Richard Salz
rich.salz at gmail.com
Mon Aug 26 14:53:54 EDT 2013
> This is everything *but* PRISM-proof
I wasn't trying to be PRISM proof, hence my subject line. The client
and keyserver could help thwart traffic analysis by returning a few
"extra" keys on each request. The client then sends a structure
message to some of those keys that the receiving client recognizes and
ignores.
> and your directory server containing public keys could very well be forced
> by a law enforcement agency ( in the best case scenario because it could
> also be the mafia) to answer the fbi/mafia public key on any request made to
So what? Your content might get sent to the wrong person, but that can
be avoided with that old PKI favorite, out of band verification. If
it's necessary.
> [bitcoin] has the user base
No it doesn't. Not by orders of magnitude compared to the few I
mentioned. Nor does it have a mail client last I checked. (I guess
Chrome doesn't either, but that could be fixed with a couple of quick,
and silent, updates.)
> you just described PGP universal
I never said it was new. The combination of size of the populace
using an out of the box mail client that has this happen seamlessly,
however, would be new.
> Traffic analysis is the problem
Do you really think that for most people on the planet, that it is?
Hey folks, go off and design your perfect secure system. Build a
prototype or alpha-test even. And then watch while the millions of
people who could benefit from private email, and the few who could use
it as an infrastructure to build more services, ignore you. Sigh.
/r$
More information about the cryptography
mailing list