[Cryptography] Clinton email issues

Phillip Hallam-Baker phill at hallambaker.com
Sat Mar 23 22:49:54 EDT 2019 

On Fri, Mar 22, 2019 at 12:59 PM Arnold Reinhold <agr at me.com> wrote:

>
> On Thu, 21 Mar 2019 21:57 Phillip Hallam-Baker wrote:
>
> ...
> > Because if security is going to be any use to people it has to be easy
> > enough that a 60+ year old grandmother who left school before the
> Internet
> > arrived can use it because she is the US Secretary of State. ...
>
> There are a number of security issues related to the Hillary Clinton email
> story that seem to have gotten lost.
>
> The Secretary of State’s job involves sensitive negotiations where
> complete confidentiality is essential. The unclassified State Department
> email system was widely reported as having been hacked by the Chinese, to
> the point where it took a long time to purge the system. The classified
> email system was, of course, run by the NSA, which is part of the
> Department of Defense. Rivalries between DOD and State are legion and there
> was no reason for Secretary Clinton to trust that her email would be kept
> confidential from the Secretary of Defense, not to mention dozens of system
> administrators and other civil servants. She was reportedly advised by
> outgoing Secretary of State Colin Powell to get a private email account.
>

This is very close to my theory which is that she didn't trust the GSA
staff. Nor should she as the behavior of the NYC FBI proved. If she had
used the GSA server, her emails would have been leaked to the Republicans
in the House for their Benghazi treachery.

All of which is why I have spent the past five years working on making end
to end email security practical and easy to use.

I can now make end to end encryption exactly as easy as regular email. Just
put the email address in the message as normal and send.

OK so there is some magic: I change the email address to embed the
fingerprint of the recipient:

alice at example.com.mm--mb2gk-6duf5-ygyyl-jny5e-rwshz

If the email client is Mesh enabled, it can recognize this as a SIN and
work out that it needs to apply a security policy (OpenPGP or S/MIME) that
has the fingerprint mb2gk--

The Mesh code is all open source. I am currently working methodically
through the documentation. If someone would write an SMTP proxy that
intercepts the outbound email and applies enhancements, we could get this
into people's hands sooner than if I write all the code on my own.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20190323/26a8b4bf/attachment.html>

More information about the cryptography mailing list