This is everything *but* PRISM-proof : it doesn t solve the metadata issue and your directory server containing public keys could very well be forced by a law enforcement agency ( in the best case scenario because it could also be the mafia) to answer the fbi/mafia public key on any request made to it.
On Monday, August 26, 2013, Richard Salz wrote: > I don't think you need all that much to get good secure private email. > You need a client that can make PEM pretty seamless; reduce it to a > button that says "encrypt when possible." You need the client to be > able to generate a keypair, upload the public half, and pull down > (seamlessly) recipient public keys. You need a server to store and > return those keys. You need an installed base to kickstart the network > effect. > > Who has that? Apple certainly; Microsoft could; Google perhaps > (although not reading email is against their business model). Maybe > even the FB API. > > It's not perfect -- seems to me the biggest weakness is (a) the client > could double-encrypt for TLA's to read, or (b) it could give you the > wrong key so your mail only goes to the bad guy -- but it's a hell of > a lot better than we have now and I'd say it's more than good enough. > > Thoughts? > _______________________________________________ > The cryptography mailing list > cryptography@metzdowd.com <javascript:;> > http://www.metzdowd.com/mailman/listinfo/cryptography > -- Alexandre Anzala-Yamajako
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
