[Cryptography] Email is unsecurable
James A. Donald
jamesd at echeque.com
Tue Nov 26 01:34:21 EST 2013
On 2013-11-26 06:28, Nico Williams wrote:
> E-mail has been not secure for... 40 years. So what? It works well
> enough for a lot of things, and nothing else we've yet seen would work
> as well for some uses (e.g., fora like this one).
Why could not a forum like this one be a hidden web service, wherein one
logs in with a zero knowledge password protocol.
The client could be written so that the user interaction remained the
same as at present, even though the underlying protocol would be very
different.
Your client, whereby you interact with the forum, has a master password,
and typically concocts per forum passwords on the fly, which is to say
per mailing list passwords on the fly.
Usernames would have the form example$forum_name
Forum name would be non memorable, but the user would not typically need
to type it, or even see it, merely click on it. (Zooko's triangle)
Messages sent to the entire mailing list would default to public, that
anyone could browse without necessarily creating a username and
password, but more private non default forums would be possible - for
example, that even messages sent to the entire mailing list default to
private, and that in order to sign up, you need to send a request to the
list that no existing member of the list blackballs.
More information about the cryptography
mailing list