[Cryptography] Dark Mail Alliance specs?
Guido Witmond
guido at witmond.nl
Sun Nov 24 05:29:42 EST 2013
On 11/24/13 01:20, Jerry Leichter wrote:
> There's a third recent factor, of course: Increasingly, people read
> their email through Web interfaces. There's simply no way to make
> that secure in current browsers. Sure, you can download some
> Javascript to decrypt your mail, but there's no good reason to trust
> it!
Yes, there is a way. Instead of using javascript with its eternal
validation problems, use a browser plugin to do the key handling and
message signing.
> My suggestion is that there are two fundamental problems that need to
> be attacked:
>
> 1. The key lookup/distribution problem. It has to be easy and
> straightforward to get keys in the common use cases. In fact, it
> needs to be so easy and straightforward as to be invisible to most
> users most of the time. It's easy to get caught up in difficult edge
> cases that can't be handled easily. This is a case where "the best
> is the enemy of the good". Cover as much as you can cleanly today;
> worry about the hard cases tomorrow. (Many people will never run
> into a need for a solution to a hard case, and those that do may be
> willing and able to do more work.)
Using anonymous client certificates and a GPG-keyserver model (reached
via Tor) you can create a key distribution mechanism that solves these
issues. You also need to remember the certificates in your address book.
Don't throw away the result of your validation actions, remember them!
> 2. The Web mail problem. I can see only one solution to this: Get
> S/MIME implemented in browsers. HTML/5 already contains tons of
> interfaces (way too many, I'd say, but that ship sailed a *long* time
> ago) to implement various things that simply need to be present
> *everywhere*, generally for performance reasons. (After all,
> Javascript *is* Turing-complete.) While S/MIME or some other secure
> mail protocol *could* be implemented in Javascript, it would have to
> be downloaded each time - and there's no way to guarantee security.
> If S/MIME were built in, you would have exactly as much reason to
> trust it as you would to trust the S/MIME in your conventional MUA.
That's something I've also conquered. My agent module does the
encryption and decryption.
In fact, you can try it out: download the proxy[1], configure your
browser to use it and browse to http :// dating.wtmnd.nl:10443/ (the
proxy does the https to the server).
Create an account and send a message to guidow@@dating.wtmnd.nl.
When you use Tor, my server can't even learn your IP-address.
See:
http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html
Regards, Guido Witmond
1: http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html
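
Added example, not part of the original message and not the author's agent or proxy code: a minimal address book that remembers which certificate was validated for a correspondent and reports when a different one shows up later. The class name, the JSON file layout, the `alice@@site.example` address and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class AddressBook:
    """Remembers which certificate was validated for each correspondent."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    @staticmethod
    def fingerprint(cert_der):
        # SHA-256 over the DER encoding identifies the exact certificate.
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, address, cert_der):
        """Return 'unknown', 'match' or 'mismatch' for a presented certificate."""
        pinned = self.pins.get(address)
        if pinned is None:
            return "unknown"
        same = hmac.compare_digest(pinned, self.fingerprint(cert_der))
        return "match" if same else "mismatch"

    def remember(self, address, cert_der, replace=False):
        """Store the result of a validation; never silently overwrite a pin."""
        if self.check(address, cert_der) == "mismatch" and not replace:
            raise ValueError("a different certificate is already remembered")
        self.pins[address] = self.fingerprint(cert_der)
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)  # atomic swap: a crash cannot truncate the book


def demo():
    # Constructed stand-ins for DER certificate bytes, not real certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    path = os.path.join(tempfile.mkdtemp(), "addressbook.json")
    book = AddressBook(path)
    results = [book.check("alice@@site.example", cert_a)]      # never validated
    book.remember("alice@@site.example", cert_a)               # user validated it
    book = AddressBook(path)                                   # reload from disk
    results.append(book.check("alice@@site.example", cert_a))  # same certificate
    results.append(book.check("alice@@site.example", cert_b))  # changed certificate
    return results
```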