lrk wrote:

Perhaps it is time to define an e-mail definition of crypto to keep the
"postman" from reading the "postcards". That should be easy enough to
implement for the average user and provide some degree of privacy for
their mail. Call it "envelopes" rather than "crypto". Real security requires more than a Windoz program.

Oh, that's really easy. Each mailer (MUA) should (on install) generate a self-signed cert. Stick the fingerprint in the headers of every mail going out. An MUA that sees the fingerpring in an incoming mail can send a request email to acquire the full key. Or stick the entire cert in there, it's not as if anyone would care.

Then each MUA can start encrypting to that key opportunistically.

Lots of variations.  But the key thing is that the MUA
should simply generate the key, sign it, and send it out
on demand, or more freuqently.  There's really no reason
why this can't all be automated.  After all, the existing
email system is automated, and trusted well enough to
deliver email, so why can't it deliver self-signed certs?

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to