On Sun, Sep 07, 2014 at 07:09:53AM -0700, Dave Crocker wrote:
> > Since we are blue-skying here, I think it is
> > perfectly plausible to say, "If you want to send me e2e encrypted
> > messages, you also have to send me signed messages,
>
> So you want to eliminate anonymous communications? Anonymity has
> historical importance for some kinds of communication.
Signatures can be pseudonymous. In the scheme Phillip proposed,
where whitelisting for encryption is an action akin to adding to
the contact list or replying with an attached key, ... There is
nothing that requires Alice's signature to assert her "true"
identity.
Since email already carries identifying information in the form of
the reply mailbox address (also pseudonymous). The signature does
not add new constraints. Thus to send mail that is encrypted all
the way to the user, not just the gateway, the sender needs a
pseudonymous mailbox with an associated signature plus a willingness
by the recipient to whitelist an initial communication that is not
e2e.
--
Viktor.
_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail
