[Cryptography] Email and IM are ideal candidates for mix networks

[Phill]

On Aug 26, 2013, at 5:27 PM, The Doctor <drwho at virtadpt.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
> 
>> Which is why I think Ted Lemon's idea about using Facebook type 
>> friending may be necessary.
> 
> Or Gchat-style contacts.
> 
>> I don't think we can rely on that for Key distribution. But I think
>> it needs to be a part of the mix.
> 
> What if the public key were baked into the user's public-facing
> profile in such a fashion that the client could pick it up
> automagickally but viewers just saw another link that they'd never
> click on anyway?

I am thinking that I want to make face to face exchange of keys via an iPhone 'bump' type app possible

Also I want to be able to use friend relationships as a spam filtering control. Perhaps you only want to accept encrypted email from people if you know them. 

My spam problem is a little larger than most. While I was doing anti-span at VeriSign I received a quarter of the mail for the company. I have been under a DoS attack on my mail for a considerable time.


But in any case, at the moment we have email, I'm, voice and video all as separate apps unless we go through a proprietary scheme when they become one. The missing piece for email security is key discovery. If we are going to solve that problem for email we should do it for all the other apps as well.


The market for secure email is going to be tiered. There will be folks like us who want to have full control and do a lot of the work ourselves and there will be people who want to buy in the expertise and then there will be institutions that need to outsource.

As folk probably know, I work for Comodo and so I am interested in the possibility of establishing an enterprise market for secure email services. But that is only an interesting commercial prospect if there is a chance that secure email will become ubiquitous. 

In the near term, the critical mass for secure email has to come from another sector. People concerned about PRISM seems to be the constituency most likely to drive adoption. Even if the threat from other sources (Iran, Russia) is actually greater in my view. 



>> I have a protocol compiler. Just give it an abstract schema and out
>> pops a server and client API library. Just need to add the code to
>> implement the semantics. It is up on Sourceforge, will update later
>> this week.
> 
> Neat!  Link, please?

https://sourceforge.net/projects/jsonschema/

The code should be uploaded later this week or early next. Just got back from Europe and having some hardware issues of the expensive kind.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130826/03008258/attachment.html>