[Cryptography] [cryptography] Email encryption for the wider public
Joe St Sauver
joe at oregon.uoregon.edu
Sun Sep 21 15:30:04 EDT 2014
Hi,
Hope everyone's having a nice Sunday. John commented:
#This sounds just like S/MIME, with the minor exception that S/MIME
#puts the key in the MIME body. Once I send you a S/MIME signed
#message your MUA can put my key in your address book, and you can send
#me encrypted mail. This has worked in MUAs since forever.
It works, but it's not a complete solution. For example, assume I want to
use an escrowed encryption key, and a non-escrowed/non-repudiable signing
key -- that breaks this model, and users need to resort to an online
directory to get the keys they need.
Online directories can be fine at enterprise scale, but fall apart at
Internet scale.
#> Anybody can send her email like this:
#
#Right. S/MIME's solution was to require keys to be signed by a well
#known CA, but we know how well that works in practice.
The biggest issue is not the fact that S/MIME involves use of a well
known CA, but that the binding is normally to an email address rather
than to a real identity (the personal cert version of domain validation
SSL/TLS certs).
Rigorous identity proofing is always a pain, and given that most folks
don't care (unless we're talking about something like a CAC or PIV card),
most client certs just treat your email as your "identity"
Regards,
Joe
More information about the cryptography
mailing list