[Cryptography] [cryptography] Email encryption for the wider public

[Judd Storrs]

On Thu, Sep 18, 2014 at 7:44 AM, Derek Atkins <derek at ihtfp.com> wrote:

> *THAT* is the problem that needs to be solved.  You need to convince
> every MUA out there to make generating keys (and/or a certificate) as
> easy as PGP, and also make encryption the default.  Indeed, you need to
> get to a point where the MUA would pop up a dialog saying "You are about
> to send email unencrypted.  Anyone (like the NSA) could read this.  Are
> you sure?  y/N"
>

As I've been learning more about U2F, I'm growing hopeful that Google
End-to-End encryption (which I understand is an ECC-only OpenPGP
implementation integrated with the Chrome browser) is designed for
integration with the upcoming FIDO/Google U2F devices (which I understand
are ECC-based smartcards -- that Google is also deeply integrating into the
Chrome browser).

My understanding is that U2F implements a public key system where each
website/service/account/device generates unique keys (the design is claimed
to prevent tracking actual U2F devices). If U2F succeeds perhaps in the
future any website you register with using U2F will effortlessly gain the
ability to message to you securely via the U2F public key? I think I've
seen foreshadowing of this in the documents I've read so far. Yubico
recently announced public availability of U2F yubikey USB tokens are
expected october-ish (the U2F yubikeys are claimed to be widely used within
Google already). I have been very impressed with the usability of yubikey
and I'm optimistic it can support a UI that works well with "general
public" types.

--judd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140919/d73d51d2/attachment.html>