On Wed, 29 Nov 2000, Ian BROWN wrote:
> Bram Cohen wrote:
> >What we really need is a system which just stops passive attacks. The best
> >idea I've come up with so far is for all outgoing messages to have a
> >public key attached, and if you have the public key of an email address
> >you're sending to you use it
>
> Indeed -- this is one of the current advantages of S/MIME over OpenPGP.
> Absolutely no reason why any PGP implementation shouldn't do it. This also
> allows you to do perfect forward secrecy: generate new short-life encryption
> key pairs for each message, sign the public key with your longer-lived
> signature key, and include it in your message for the reply. See
> http://www.ietf.org/internet-drafts/draft-brown-pgp-pfs-01.txt for an attempt
> by Adam Back, Ben Laurie and myself to standardise this and other PFS
> techniques for OpenPGP.

Good to know someone's done work along these lines.

A problem with including a public key with every plaintext message is that
it isn't very discreet - actually looks kind of ugly in some people's
email clients. This could be changed by making a header line saying
something like X-accepts-crypto, and have other mailers only send their
keys to addresses they've formerly gotten mail with that header line from.

Come to think of it, there are some tricky issues with regards to crypto
on mailing lists, it might make sense to have an
X-crypto-originator [EMAIL PROTECTED] line in the headers to specify that the
crypto information contained in that piece of mail applies to the address
[EMAIL PROTECTED] - otherwise there's no clear way of unraveling all the
possible mixes of from, to, and reply-to headers which could possibly be
sent to a mailing list.

-Bram Cohen
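
The header scheme sketched in the message above, worked through as an added example that is not part of the original post or of any mailer: a receiving client records which addresses advertise X-accepts-crypto, binds that information to X-crypto-originator when present, and attaches its own key only to those addresses. The class name, the `X-Crypto-Key` header, the `yes` header value and all addresses and key strings are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

class OpportunisticKeyStore:
    """Tracks crypto capability per address (hypothetical helper)."""
    def __init__(self):
        self.accepts = set()  # addresses that advertised X-accepts-crypto
        self.keys = {}        # address -> most recent public key received

    def _crypto_address(self, msg):
        # X-crypto-originator overrides From/Reply-To, so list traffic
        # binds crypto information to the author, not the list address.
        raw = msg.get("X-crypto-originator") or msg.get("From", "")
        return parseaddr(raw)[1].lower()

    def observe(self, raw_message):
        msg = message_from_string(raw_message)
        addr = self._crypto_address(msg)
        if not addr:
            return None
        if msg.get("X-accepts-crypto") is not None:
            self.accepts.add(addr)
        key = msg.get("X-Crypto-Key")  # assumed name for the key header
        if key:
            self.keys[addr] = key.strip()
        return addr

    def outgoing_headers(self, recipient, my_address, my_key):
        # Always advertise capability; send the key only to known acceptors.
        headers = {"X-accepts-crypto": "yes", "X-crypto-originator": my_address}
        if recipient.lower() in self.accepts:
            headers["X-Crypto-Key"] = my_key
        return headers

    def key_for(self, recipient):
        # A key on file means the outgoing message can be encrypted.
        return self.keys.get(recipient.lower())

# Constructed sample messages (not real traffic).
LIST_MSG = ("From: Crypto List <list@lists.example>\n"
            "Reply-To: list@lists.example\n"
            "X-accepts-crypto: yes\n"
            "X-crypto-originator: alice@example.org\n"
            "\nhello list\n")
PLAIN_MSG = "From: Bob <bob@example.net>\n\nno crypto headers here\n"
KEY_MSG = ("From: Alice <alice@example.org>\n"
           "X-accepts-crypto: yes\n"
           "X-Crypto-Key: constructed-public-key\n"
           "\nreply carrying a key\n")
```

Keys learned this way are unauthenticated, which matches the stated goal of stopping passive attacks only.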