[Cryptography] DIME // Pending Questions // Seeking Your Input
Ladar Levison
ladar at lavabitllc.com
Wed Mar 11 12:26:54 EDT 2015
On 3/7/2015 1:17 PM, Peter Fairbrother wrote:
>
> It's almost as if it was designed by NSA to leak as much information
> as possible, be hard to implement, and be easy to attack.
>
> It leaks user details (the split signets).
>
> It leaks MIME and other message details.
>
> It requires new server software for existing email servers.
>
> It requires a whole new new server infrastructure.
>
> It requires a user to give out his real name to a CA in order to use it.
>
> It requires a user to trust a server.
>
> It requires a user to make security decisions the average user is
> incapable of.
>
> It has a huge attack surface.
>
>
> None of these are necessary in order to provide any of the advertised
> functionalities in DIME.
>
> In short, it stinks.
Most of your bullet points are simply wrong. You've managed to confuse
optional with required. Only the information needed to encrypt email
messages is required.
Yes it will require writing code. That's the hard part.
Yes the spec is too darn long.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150311/fcfd94ed/attachment.sig>
More information about the cryptography
mailing list