At Thu, 17 Jun 1999 11:35:42 -0700 (PDT), Sameer Parekh <[EMAIL PROTECTED]> wrote:
>> this. SSL is a bitch (which is presumably why the applet doesn't use
>> it).
> SSL is a bitch for good reason.
OK, but it is possible that some of those reasons wouldn't apply to
hushmail, where both ends of the connection are controlled by the same
entity and can agree in advance on cipher suites, etc. (e.g. both
sides are using ElGamal with Blowfish).
What I would like to see is, instead of using SSL to download a
session key, they could send the session key encrypted with the user's
ElGamal key. This would require sending the encrypted private key
itself "in the clear", but it is already Blowfish encrypted so that
should be OK. Then there would be no need for SSL and the system
would be more self contained.
Down the road, it would be nice to see a key management applet. You
could display key fingerprints for your keys and those of people in
your address book. Then you could sign the keys that you trust, a la
PGP but not necessarily with the whole web of trust, just a local
signature that says that you have verified that this key really
belongs to that person. This way you would get away from having to
trust hushmail as the only CA.
Of course we can dream of having it use X.509 certs and PGP keys and
every other PKI that comes along, but that is clearly a long way down
the road. Some simple way to verify keys out of band and mark them
that way would be a good starting point. Can you do signatures with
ElGamal keys? Weren't there some problems with ElGamal sigs found
last year?
--Hush
Get HushMail. The world's first free, fully encrypted, web-based email system.
Speak freely with HushMail.... http://www.hushmail.com
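The exchange proposed in the message above, worked through as an added example; this is not Hushmail's applet code and makes several assumptions so that it runs stand-alone: the ElGamal group is a toy one (the Mersenne prime 2^521 - 1 with g = 3, no prime-order subgroup; a deployment would use a standardised safe prime of 2048 bits or more), and since the Python standard library has no Blowfish, a SHA-256 counter-mode keystream with an HMAC tag stands in for the Blowfish wrapping of the private key. All function names are hypothetical. The shape is the one described: the passphrase-wrapped private key travels in the clear, the server then sends the session key encrypted to the user's ElGamal public key, and no SSL is involved. Two practitioner details are included: the wrapped blob carries a MAC so a wrong passphrase is detected rather than yielding a garbage private key, and because that blob is public, the PBKDF2 work factor and passphrase strength are the only things standing between an eavesdropper and an offline guessing attack on it.

```python
"""Added example of the SSL-free key transport sketched in the message above.

Assumptions (not from the original post): a toy ElGamal group, a SHA-256
stream cipher plus HMAC standing in for Blowfish, hypothetical names.
"""
import hashlib
import hmac
import os
import secrets

# Toy group: 2^521 - 1 is prime, so the arithmetic is correct, but this is
# for illustration only; use a standard safe prime and a prime-order
# generator for anything real.
P = (1 << 521) - 1
G = 3
KEY_BYTES = 66  # enough to hold any exponent below P


def elgamal_keygen():
    """Return (private exponent x, public key y = g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def elgamal_encrypt(y, m):
    """Encrypt an integer 0 < m < p under public key y; returns (c1, c2)."""
    if not 0 < m < P:
        raise ValueError("message out of range")
    k = secrets.randbelow(P - 3) + 2
    return pow(G, k, P), (m * pow(y, k, P)) % P


def elgamal_decrypt(x, c1, c2):
    """Recover m = c2 * (c1^x)^-1 mod p (inverse via Fermat, since p is prime)."""
    s = pow(c1, x, P)
    return (c2 * pow(s, P - 2, P)) % P


def fingerprint(y):
    """Hex digest a key-management applet could display for out-of-band checks."""
    return hashlib.sha1(y.to_bytes(KEY_BYTES, "big")).hexdigest()


def _kdf(passphrase, salt, iters=100_000):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iters, dklen=64)


def _keystream(key, nonce, n):
    # Stand-in for Blowfish: SHA-256 in counter mode (assumption, not Hushmail's cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def wrap_private_key(x, passphrase):
    """Encrypt-then-MAC the private exponent under a passphrase-derived key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    km = _kdf(passphrase, salt)
    enc_key, mac_key = km[:32], km[32:]
    pt = x.to_bytes(KEY_BYTES, "big")
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unwrap_private_key(blob, passphrase):
    """Reverse wrap_private_key; a wrong passphrase fails the MAC check."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    km = _kdf(passphrase, salt)
    enc_key, mac_key = km[:32], km[32:]
    expect = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong passphrase or tampered key blob")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return int.from_bytes(pt, "big")


def run_exchange(passphrase):
    """Simulate enrolment and one login; returns (server's key, applet's key)."""
    # Enrolment: the applet makes the key pair; the server keeps the public
    # key and the passphrase-wrapped private key, never the plaintext one.
    x, y = elgamal_keygen()
    server_store = {"pub": y, "wrapped_priv": wrap_private_key(x, passphrase)}

    # Login step 1: the wrapped private key goes to the applet in the clear.
    x_client = unwrap_private_key(server_store["wrapped_priv"], passphrase)

    # Login step 2: the server sends a fresh session key, ElGamal-encrypted
    # to the user's public key, in place of the SSL download.
    session_key = secrets.token_bytes(16)
    c1, c2 = elgamal_encrypt(server_store["pub"], int.from_bytes(session_key, "big"))

    # The applet recovers it with the private key it just unwrapped.
    recovered = elgamal_decrypt(x_client, c1, c2).to_bytes(16, "big")
    return session_key, recovered


if __name__ == "__main__":
    sent, got = run_exchange("correct horse battery staple")
    print("session key agreed:", sent == got)
```

The fingerprint helper is the hook for the second idea in the message: an applet that shows this digest for the user's own key and for address-book keys, to be compared out of band before marking a key as locally verified. Nothing here answers the ElGamal signature question; only encryption is exercised.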