[Cryptography] FW: IAB Statement on Internet Confidentiality

Viktor Dukhovni cryptography at dukhovni.org
Fri Nov 21 02:29:12 EST 2014


On Fri, Nov 21, 2014 at 08:55:28AM +0100, Ralf Senderek wrote:

> On Thu, 20 Nov 2014 22:55:59 Jerry Leichter wrote:
> 
> >(Perhaps we *should* enable encryption as a way of testing just how well
> >- or, more likely, badly - existing solutions work.  It might inspire
> >someone on the list to do better.)
> >                                                       -- Jerry
> 
> It might as well inspire someone on the list to give already existing
> solutions that have been out there for a long time a decent peer-review.
> This may help to get that software out of the state of invisibility
> it enjoys at the moment.

Perhaps the IETF endymail list would be a better place for that
experiment.  Unless that special right someone is only here, and
is IETF-averse.

Here, there are plenty of non-email discussions, and forcing all
of these to endure experimental encrypted email is likely not a
good idea.

What's more, if this is to be more than just clear-signing, the
user agent would have to encrypt email to the list, with the
moderators removing the sender's signature and encryption in
the appropriate order, and releasing the cleartext back to the list
through a filter that re-signs as the list and re-encrypts (to each
recipient separately, so as not to expose the lurkers in the enveloped
message).

That's a lot of work.  A list friendly tool would allow preparation
of an encrypted, signed message once, with a given symmetric key,
that can be enveloped to each recipient without repeating the
encryption and signature steps.

Such work probably needs to happen on a smaller scale first, with
a working presented here if the authors truly feel it is suitable
for adoption.  Speculation of whether to adopt in the absence of
already working/usable code seems futile.

-- 
	Viktor.
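
Added example, not part of the original message or of any existing tool: the list-side flow described above (sign and encrypt once under a symmetric key, then envelope that key to each recipient separately so no envelope names another subscriber), written in Go. The choice of AES-256-GCM, RSA-OAEP and an Ed25519 list key, and the names Envelope, Prepare, Wrap and Open, are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope (hypothetical) is one subscriber's copy: shared Body, key wrapped to them alone.
type Envelope struct{ Wrapped, Body []byte }

const sigLen = ed25519.SignatureSize
var nonce = make([]byte, 12) // fixed nonce is safe only because each content key encrypts once

func aead(key []byte) cipher.AEAD {
	b, _ := aes.NewCipher(key) // callers pass 32-byte keys only
	g, _ := cipher.NewGCM(b)
	return g
}

// Prepare signs msg as the list and encrypts it once under a fresh content key.
func Prepare(list ed25519.PrivateKey, msg []byte) (cek, body []byte) {
	cek = make([]byte, 32)
	rand.Read(cek)
	signed := append(ed25519.Sign(list, msg), msg...)
	return cek, aead(cek).Seal(nil, nonce, signed, nil)
}

// Wrap makes one recipient's envelope; only the 32-byte key is encrypted again.
func Wrap(cek, body []byte, to *rsa.PublicKey) (Envelope, error) {
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, cek, nil)
	return Envelope{w, body}, err
}

// Open unwraps the content key, decrypts the body and checks the list signature.
func Open(e Envelope, priv *rsa.PrivateKey, list ed25519.PublicKey) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.Wrapped, nil)
	if err != nil || len(cek) != 32 {
		return nil, errors.New("cannot unwrap content key")
	}
	signed, err := aead(cek).Open(nil, nonce, e.Body, nil)
	if err != nil || len(signed) < sigLen || !ed25519.Verify(list, signed[sigLen:], signed[:sigLen]) {
		return nil, errors.New("body or list signature invalid")
	}
	return signed[sigLen:], nil
}
```

Prepare runs once per post and Wrap once per subscriber, so the per-recipient cost is a single public-key operation on 32 bytes while the signed ciphertext is shared unchanged.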

