[Cryptography] multi-key encryption of "meta" data

Jerry Leichter leichter at lrw.com
Tue Jul 15 20:07:43 EDT 2014


On Jul 15, 2014, at 5:03 PM, John Denker <jsd at av8n.com> wrote:
> It seems to me that the binary distinction between "metadata" and
> other data is a crock.  As a glaring example of the problem, common 
> protocols for encrypted email encrypt only the main body of the 
> message, leaving /all/ the headers unencrypted.  This is a serious
> security breach, as discussed below [*].
> 
> We can do better than this.  We need to do better than this....
I agree with what you say, but want to inject one note of caution:  We've been down this road before, in defining XML security.  The financial industries needed to support all kinds of complex trust models and layers of authentication and encryption.  The end result was something its designers have pretty much disavowed.

The main message has to be:  Keep it as simple as possible.  There's tons of stuff that would be "nice to have" but that ultimately it's better to live without.  Does email really need its own security model?  Forget the data/metadata distinction entirely.  (The main reason it's maintained in the mail-related protocols is to support various server-side sorting and searching operations - most of which don't work well anyway.)  We have some data to deliver; we need a way to specify and resolve who to send it to.  We may want to protect against traffic analysis.  These are issues common to many transport protocols.  There's little reason - other than history - for mail-specific encryption.
                                                        -- Jerry



