On 10/10/2013 08:54 PM, John Kelsey wrote: > Having a public bulletin board of posted emails, plus a protocol for > anonymously finding the ones your key can decrypt, seems like a pretty decent > architecture for prism-proof email. The tricky bit of crypto is in making > access to the bulletin board both efficient and private.
An alternative I've been considering is having e-mail clients support bouncing messages if they are received for an incorrect envelope address. So you can have an envelope address and a PGP encrypted blob, and when you decrypt that blob there's a new RFC822 with a new envelope address and another PGP encrypted blob. If e-mail clients honor a forwarding agreement on this kind of message, it will be practically impossible to tell who sent the original message and who is the final recipient. The really hard bit about this is that there are a lot of e-mail clients out there, and getting them all to support this - even optionally - is may take some doing. > > --John > _______________________________________________ > The cryptography mailing list > email@example.com > http://www.metzdowd.com/mailman/listinfo/cryptography _______________________________________________ The cryptography mailing list firstname.lastname@example.org http://www.metzdowd.com/mailman/listinfo/cryptography