On Aug 26, 2013, at 5:27 PM, The Doctor <dr...@virtadpt.net> wrote:

> Hash: SHA1
> On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
>> Which is why I think Ted Lemon's idea about using Facebook type 
>> friending may be necessary.
> Or Gchat-style contacts.
>> I don't think we can rely on that for Key distribution. But I think
>> it needs to be a part of the mix.
> What if the public key were baked into the user's public-facing
> profile in such a fashion that the client could pick it up
> automagickally but viewers just saw another link that they'd never
> click on anyway?

I am thinking that I want to make face to face exchange of keys via an iPhone 
'bump' type app possible

Also I want to be able to use friend relationships as a spam filtering control. 
Perhaps you only want to accept encrypted email from people if you know them. 

My spam problem is a little larger than most. While I was doing anti-span at 
VeriSign I received a quarter of the mail for the company. I have been under a 
DoS attack on my mail for a considerable time.

But in any case, at the moment we have email, I'm, voice and video all as 
separate apps unless we go through a proprietary scheme when they become one. 
The missing piece for email security is key discovery. If we are going to solve 
that problem for email we should do it for all the other apps as well.

The market for secure email is going to be tiered. There will be folks like us 
who want to have full control and do a lot of the work ourselves and there will 
be people who want to buy in the expertise and then there will be institutions 
that need to outsource.

As folk probably know, I work for Comodo and so I am interested in the 
possibility of establishing an enterprise market for secure email services. But 
that is only an interesting commercial prospect if there is a chance that 
secure email will become ubiquitous. 

In the near term, the critical mass for secure email has to come from another 
sector. People concerned about PRISM seems to be the constituency most likely 
to drive adoption. Even if the threat from other sources (Iran, Russia) is 
actually greater in my view. 

>> I have a protocol compiler. Just give it an abstract schema and out
>> pops a server and client API library. Just need to add the code to
>> implement the semantics. It is up on Sourceforge, will update later
>> this week.
> Neat!  Link, please?


The code should be uploaded later this week or early next. Just got back from 
Europe and having some hardware issues of the expensive kind.

The cryptography mailing list

Reply via email to