[Cryptography] DIME // Pending Questions // Seeking Your Input

Ladar Levison ladar at lavabitllc.com
Wed Mar 11 09:52:43 EDT 2015

> Now if the signet is to be used in a wider context, to encrypt eg voip,
> chat, and other end-to-end applications as well as email, perhaps do
> your online banking and call taxis, as a single universal user key
> signet, then there is a case for optional fields of the type you
> mention, with all sorts of personal data in them - but that is _very_
> much bigger project than DIME. Then the signet structure should be
> designed for that use, rather than for use in DIME, and even designing
> that sort of signet would be a big project.

The hooks are built in for extending it to other things, but that isn't
my focus right now. My focus is on getting the simple use case working.
Sending someone an encrypted message without them having to get a PhD in
mathematics first.

> So, what do you *need* in an email-replacement signet? Basically, data
> which tells the potential sender that the signet is, or purports to be,
> the right signet, and that is all. You don't need any more than that.

The core signet is a subset of the full signet. The core is made up of
the 5 fields required for encrypting email. Everything else is optional
and can be "split" off if the user doesn't want to store it.

> To allow someone to say "I warrant that this is my data, see, it has my
> signature on it"? Can't they just do that in a (signed) DIME-mail?

A simple explanation for using the optional fields: when someone types
in your email address and your client goes out to fetch the signet, it
can display a little more info about you in the compose window. Like
your name and photo. Of course it's all optional so we'll see how it ends
up getting used. Think of it as tying a business card (or vcard) to an
email address. Optional of course.

> Here is another, linked, question; are you giving up the right to lie
> about who you are, or stay anonymous, in your email? It seems you need
> a CA signet in order to receive DIME mail, but can you get one without
> proving who you really are to the CA?

You can think of the org signet as the CA. Only in the world of DIME,
the org is the owner of the domain name. You get to pick who you want to trust.

> If not, it seems DIME is a pretty bad choice as a ubiquitous replacement
> for email.

It's not a replacement. It's a wrapper for MIME messages.
