[Cryptography] My deployment plan for end-to-end secure email.

[jrzx]

On Sunday, August 22nd, 2021 at 12:17 PM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:
> Threshold decryption allows encrypted documents to be shared and used with exactly the same
> ease as unencrypted documents, somewhat easier in fact as there is less need to be concerned
> about leaks on stolen laptops etc.

As I understand your proposal, you are not actually threshold encrypting the documents, but threshold encrypting the permissions request to the master server on the cloud, which holds secrets and whose operator has to manage those secrets.

This runs into the same problems that lead to DKIM with DMARK being unable to stop spearfishing attacks.

DMARK with DKIM certainly stops a lot of spearfishing attacks, and it makes spearfishing a lot harder, but not enough harder that people notice and care all that much.

DMARK with DKIM makes things a lot better, but it turns out that a lot is not sufficient to make a difference that people care or should care all that much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210831/10c5bc50/attachment.htm>