[Cryptography] [cryptography] Email encryption for the wider public
John Levine
johnl at iecc.com
Sun Sep 21 10:43:59 EDT 2014
>She can send you email at derek at ihtfp.com once, and when your replies
>all come from:
>
> From: Derek Atkins <lkjasdflksdlkjp2338tnlsdfh848492-hds8fs0D at ihtfp.com>
>
>then when she replies to you, she'll be sending encrypted emails. But
>there's another problem. ...
This sounds just like S/MIME, with the minor exception that S/MIME
puts the key in the MIME body. Once I send you a S/MIME signed
message your MUA can put my key in your address book, and you can send
me encrypted mail. This has worked in MUAs since forever.
> Anybody can send her email like this:
Right. S/MIME's solution was to require keys to be signed by a well
known CA, but we know how well that works in practice.
R's,
John
PS: Addresses that include keying info have patent issues. See Zoemail.
More information about the cryptography
mailing list