On 9/7/14 11:09 AM, Dave Crocker wrote:
> On 9/7/2014 6:21 AM, Pete Resnick wrote:
>> Obviously doing e2e
>> crypto gets you signatures.
> No it doesn't.  As a matter of practice, it probably will, but the
> technology does not require it.  Sigs are an entirely independent action
> when doing object encryption.

Signatures, just like encryption, are part of cryptography. If you are doing cryptography (in the way we normally do so for e2e encryption), you can do signatures too. That's all I meant.

>> Since we are blue-skying here, I think it is
>> perfectly plausible to say, "If you want to send me e2e encrypted
>> messages, you also have to send me signed messages,
> So you want to eliminate anonymous communications?  Anonymity has
> historical importance for some kinds of communication.

Pseudonymity (i.e., a signature that is not attached to a particular human identity) may be sufficient for most cases. Doing so would still require a prior-to-real-communication step of me allowing that signature into my whitelist/contact list/whatever. For my personal email, I am perfectly willing to say, "You get two choices: (1) You set up a prior relationship with me with your signature, and only then do you get to encrypt e2e; or (2) you only get to encrypt as far as my spam scanning service."

Now, to take a recent example, the only way for Snowden to contact me encrypted, unbrokered, and anonymously would involve a rather interesting maneuver to get into my whitelist. But I think I can live with that.

>> and you don't or
>> your signature is not in my contacts list already, your encrypted mail
>> is going to bounce." I think it's possible that in the fullness of time,
>> many users go to a contact-list model of email (a la IM) where the mail
>> simply bounces unless it has a signature that is already in the contacts
>> list.
> The Procrustean bed always makes things simpler, and with only a few,
> uhhh... shortcomings.

Indeed. And that is true of both this future environment where I would bounce mail without a required signature, and my current environment that requires me (or my agent) to accept, scan, review, and otherwise deal with anonymous mail. Each has....shortcomings.

> My point is not that signing is bad or checking against address books is
> bad, but that mandating such things constrains legitimate communication
> in important ways.

Let's not miss the point that we are *currently* constraining legitimate communication in important ways, as my weekly hunt through my spam folder and my occasional out-of-band, "Why did my mail bounce?" complaint amply demonstrate. I choose my tradeoffs, I get the advantages and disadvantages of those tradeoffs.

pr

--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
