[Cryptography] Clinton email issues

Ralf Senderek crypto at senderek.ie
Sun Mar 24 09:17:20 EDT 2019


On Sat, 23 Mar 2019, Phillip Hallam-Baker wrote:

> 
> All of which is why I have spent the past five years working on making end to end email security
> practical and easy to use. 
> 
> I can now make end to end encryption exactly as easy as regular email. Just put the email
> address in the message as normal and send.
> 
> If the email client is Mesh enabled, it can recognize this as a SIN and work out that it needs
> to apply a security policy (OpenPGP or S/MIME) that has the fingerprint mb2gk--
> 
> The Mesh code is all open source. I am currently working methodically through the documentation.
> If someone would write an SMTP proxy that intercepts the outbound email and applies
> enhancements, we could get this into people's hands sooner than if I write all the code on my
> own.

I'd like to see a concise threat model for the MESH here.

If switching to a different email address is all the user
has to do (plus using the proxy) then all the crypto has
to be done in that proxy on the user's machine and you'll
have to answer at least
    a) which crypto library you use, how and why
    b) how you intend to protect the encryption keys
    c) how key management is done on the user's machine
       without the user selecting keys
    d) why the user can be sure she is talking to the
       right person and no one else.
    e) how you will ensure proper performance of a-d
       on a bunch of different OS (some of them proprietary)


If the crypto is not done on the user's machine, then you 
are in "We're running an invincible server, give us your
plaintext via https and we'll do the rest to make you 
secure" land and then you should stop calling this thing
end-to-end encryption.

   --ralf

