[Cryptography] Dark Mail Alliance specs?

James A. Donald jamesd at echeque.com
Tue Nov 26 21:38:01 EST 2013


On 2013-11-27 09:41, Peter Gutmann wrote:
> Stephan Neuhaus <stephan.neuhaus at tik.ee.ethz.ch> writes:
>
>> In my opinion, massive user-controlled email encryption will not happen. Not
>> now, and not in the next ten years.
>
> My version of this (stolen from a comment by Vesselin Bontchev about user
> education for security): If mass-market secure email was going to work it
> would have worked by now.

Imagine Skype as originally designed (central authority maps public and
private keys to user names) plus a key continuity feature, plus the 
seldom used option of doing a zero knowledge shared passphrase to detect 
man in the middle.

The possibility that the zero knowledge check could be used would deter 
powerful adversaries, even if seldom used in practice.  The more 
powerful, the greater the deterrent effect.

It is not totally end to end, central authority can listen in, but the 
check would limit the amount of listening.

It can be made completely end to end for strong passwords.  Assume login 
is by zero knowledge password protocol, which means that the central 
authority does not know the end user's password, for strong passwords.

The secret key is generated from the strong secret supplied by central 
authority, plus the password.

When you change your password, you generate a certificate mapping your 
new public key to your old public key, which certificate makes other 
people's key continuity check happy.

If key continuity fails, people get a warning, but they don't have to 
click it away, for that just trains people to click it away.  They can 
just continue right on and not pay attention to it.

Or they could use the zero knowledge shared passphrase procedure to 
detect man in the middle.

So, if non-paranoid, and using easy passwords, works like Skype used to
work.  No interception except by central authority, and central
authority cannot intercept everyone, or even large numbers of people.

If paranoid and using strong passwords, provides OTR-like end-to-end
capability.
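
The key derivation and password-change rollover described in the message above, as an added sketch that is not from the original post or from any Dark Mail code. It assumes the rollover certificate is the old private key's signature over the new public key; PBKDF2 and a toy Schnorr signature over a 255-bit prime field are stand-ins for a real KDF and signature scheme, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group standing in for a real signature scheme (assumption).
P = 2**255 - 19          # prime modulus
Q = P - 1                # exponents are reduced modulo the group order
G = 2

def _challenge(*values: int) -> int:
    data = b"".join(v.to_bytes(32, "big") for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def derive_keypair(server_secret: bytes, password: str):
    """Private key = KDF(password, salt=server-supplied secret).
    The server holds the secret but not the password, so it cannot redo this."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode(), server_secret,
                               100_000, dklen=64)
    x = int.from_bytes(seed, "big") % Q
    return x, pow(G, x, P)

def sign(x: int, message: int):
    k = secrets.randbelow(Q - 1) + 1          # fresh nonce per signature
    r = pow(G, k, P)
    e = _challenge(r, pow(G, x, P), message)
    return r, (k + e * x) % Q

def verify(y: int, message: int, sig) -> bool:
    r, s = sig
    e = _challenge(r, y, message)
    return pow(G, s, P) == (r * pow(y, e, P)) % P

def rollover_cert(old_x: int, new_y: int):
    """Certificate for a password change: the old key signs the new public key."""
    return sign(old_x, new_y)

def continuity_check(pinned_y: int, presented_y: int, cert=None) -> str:
    """What a contact who pinned `pinned_y` concludes about `presented_y`."""
    if presented_y == pinned_y:
        return "same-key"
    if cert is not None and verify(pinned_y, presented_y, cert):
        return "rolled-over"   # caller re-pins presented_y, no warning shown
    return "warn"              # non-blocking warning; passphrase check is the fallback
```

A key substituted by the central authority cannot produce a certificate that verifies under the pinned key, so the contact's check returns "warn" for it.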






