[Cryptography] Dark Mail Alliance specs?

Ralf Senderek crypto at senderek.ie
Sat Nov 23 08:19:30 EST 2013


Phillip,
this is an interesting proposal, worth to be examined.

On Sat, 23 Nov 2013, Phillip Hallam-Baker wrote:
> The rest of this message is a heads up for folk who are interested in working on
> this problem that there are code projects they might consider.
...
> free choice of any of the crypto libraries in C or even Java/python/etc.

Why don't we use openssl and gpg, the crypto is already there and tested,
but we have to make ordinary people use it, which is far more complicated 
than coding another piece of software.

> The basic idea is to decouple the problem of trust management from the 
> question of message formats.

This is essential because trust in keys comes from different kinds of 
facts, the best of which are not electronically induced.
For some people it's an automatic CA sig check they don't understand,
for others it's some first-hand information and for some it's a handful
of Trust Link Statements from people who are unlikely conspiring.

> The first tool is almost working now and generates a keypair for the user:

Why can't anyone simply get a globally unique key identifier 
(ADAEXA-G4UKAN-UADASXA-JQAGBS-XAA) from an online service and put it into
"gpg --genkey" or  "openssl req -new -key x -out y" to create his keys,
maybe with the help of an online application?


> The second tool is a simple mail proxy which I am working on. The idea is that
> you redirect your outbound mail through the proxy.

Regardless of what the proxy does to the relayed email, you have to make 
sure that the plain text sent is perfectly safe, so at least you need to
have TLS to your proxy. So you'll need trusted keys for that before 
anything happens.

> 1) If the email address contains a ?, the mail will not be sent unless it can be
> sent under a security policy acceptable to the sender. This typically means end
> to end encryption using S/MIME or PGP.

Trusted public keys on the proxy server.

> 2) If the email address contains a ? and has a fingerprint, the mail will only
> be sent if it can ALSO be encrypted under a policy that has been signed under a
> key that is accredited under the specified public key.

Policy verification relies on trusted public keys, so the proxy encrypts 
with keys legitimated by the key corresponding to the fingerprint in the 
recipient's email address.
The ordinary email user will be forced to sign policies to
ensure proper delivery of an email he could encrypt himself?
Is complicating things really helpful here?

> A bare bones scheme does not require any web service at all. The public key and
> policy files can be fetched from a HTTP URL places at a .well-known location.

Which will essentially be the relay proxy of your choice.
But should the ordinary user not be in control of the policy he uses?
What mechanism allows the legitimate user to influence policies and at the 
same time makes tinkering with the stored policies impossible? Don't we
use trusted public keys already?


     -- Ralf


More information about the cryptography mailing list