[Cryptography] Facebook on the state of STARTTLS

Russ Nelson nelson at crynwr.com
Wed May 28 08:24:54 EDT 2014


Jerry Leichter writes:
 > Let's divide received mail into two buckets: Email from someone I
 > already know, and email from someone I don't know.  Messages in the
 > first bucket should use a private key agreed upon between me and
 > that other party.

I already do that, and it works quite well. The "private key" that I
use is chosen from a keyspace of billions, and has 5000 valid
entries. This key is of course the sender's email address.

Remember Nelson's maxim: Cryptography without a threat model is like
cookies without milk.

There may come to be a time when this algorithm no longer works, and a
larger keyspace is needed.

 > But there are ways to limit that if I'm willing to limit "mail from
 > an unknown sender".  For example, that interface might only support
 > very restricted messages - the sender has to fill in one of a small
 > number of forms (you don't know me but I got your address from X, I
 > also know Y who you work with, I'd like to talk to you about Z).

No uppercase subjects, no emails in a language I can't read, no
eight-bit characters (yes, not so easy for people who need UTF, but
you could filter out characters you don't need), emails purporting to
be from paypal but not, emails with various RFC822 / RFC821 flaws, no
images, no zipfiles.

 > > ... and of course we still have not demonstrated
 > > usable human to human internet-scale key management.
 > You bet.  *The* big unsolved problem.

Yep.

-- 
--my blog is at    http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213  |     Sheepdog       
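
The two-bucket filtering discussed in this message, as an added example that is not part of the original post or the poster's own filter: known senders are accepted on their From address alone, and mail from unknown senders must pass the restrictions listed above. The allowlist entries, the PayPal heuristic and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist standing in for the poster's ~5000 known addresses.
KNOWN_SENDERS = {"alice@example.org", "bob@example.net"}
BLOCKED_TYPES = ("image/", "application/zip", "application/x-zip-compressed")

def classify(raw):
    """Return (verdict, reasons) for one raw RFC 822 message string."""
    msg = message_from_string(raw)
    from_hdr = msg.get("From", "")
    addr = parseaddr(from_hdr)[1].lower()
    # Bucket 1: the From address is the whole "key". Nothing authenticates
    # it, so this only holds against senders who cannot guess an entry.
    if addr in KNOWN_SENDERS:
        return "accept", ["known sender"]
    # Bucket 2: unknown sender, so only a restricted message is accepted.
    reasons = []
    if addr.count("@") != 1:
        reasons.append("missing or malformed From")
    letters = [c for c in msg.get("Subject", "") if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        reasons.append("uppercase subject")
    if any(ord(c) > 127 for c in raw):
        reasons.append("eight-bit characters")
    # Assumed heuristic: the name appears in From but the domain differs.
    if "paypal" in from_hdr.lower() and not addr.endswith("@paypal.com"):
        reasons.append("claims PayPal, sender domain differs")
    for part in msg.walk():
        ctype = part.get_content_type()
        fname = (part.get_filename() or "").lower()
        if ctype.startswith(BLOCKED_TYPES) or fname.endswith(".zip"):
            reasons.append("blocked attachment: " + ctype)
    return ("reject" if reasons else "accept"), reasons

if __name__ == "__main__":
    # Constructed sample messages, not taken from real mail.
    samples = [
        "From: Alice <alice@example.org>\nSubject: LUNCH?\n\nnoon?\n",
        "From: PayPal <billing@example.com>\nSubject: VERIFY NOW\n\nclick\n",
    ]
    for s in samples:
        print(classify(s))
```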