[Cryptography] prism-proof email in the degenerate case

Smári McCarthy smari at immi.is
Fri Oct 11 03:55:47 EDT 2013


On 10/10/2013 08:54 PM, John Kelsey wrote:
> Having a public bulletin board of posted emails, plus a protocol for anonymously finding the ones your key can decrypt, seems like a pretty decent architecture for prism-proof email.  The tricky bit of crypto is in making access to the bulletin board both efficient and private.  

An alternative I've been considering is having e-mail clients support
bouncing messages if they are received for an incorrect envelope
address. So you can have an envelope address and a PGP encrypted blob,
and when you decrypt that blob there's a new RFC822 with a new envelope
address and another PGP encrypted blob. If e-mail clients honor a
forwarding agreement on this kind of message, it will be practically
impossible to tell who sent the original message and who is the final
recipient.

The really hard bit about this is that there are a lot of e-mail clients
out there, and getting them all to support this - even optionally - is
may take some doing.

> 
> --John
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography


More information about the cryptography mailing list