> -----Original Message-----
> From: Benjamin Kaduk [mailto:[email protected]]
>
> You might have better luck on the endymail list, which is considering ways to
> improve email privacy. I don't recall whether a scheme substantially similar
> to your proposal has been discussed there, but there should be a good crop
> of people interested in improving the state of email to comment there.
Hi Ben and Nico,

I thumbed through the endymail archives and things appear to be sort of dead. I forwarded the message there anyway just in case someone's still listening. Lots of activity at first, then nothing till now. I just thought it was kind of neat. :) If it fails to spark any discussion I'll move on.

My proposal seems to get around a few of the problems endymail identified simply by using a per-message key for in-flight data only. Quite a lot of the endymail discussion revolves around key management/distribution for end users. All of it involves using something related to the user's identity to encrypt email. My proposal appears to be distinct from anything discussed there because of my focus on per-message keys unrelated to anyone's identity. This also distinguishes it from identity-based encryption (thanks Nico!). The EKG never holds (or releases) keys related to someone's identity.

This scheme has the potential to be a form of OTR protection by configuring the EKG correctly, although if you configure the EKG to hand the key out like candy, why bother encrypting it? Enterprises will likely not configure their key guardians in this way.

Drawbacks are that you can only send encrypted email if your email provider operates an EKG, you and all your recipients have been issued "email address certificates" by the respective mail providers, and your recipients must have a PKI anchor your email provider is configured to trust. For enterprises interested in protecting their IP and operating their own email servers, this is not likely to be problematic. I suspect webmail clients could also participate, as the webmail server would be decrypting the message and then displaying it over https.

Thanks,
Bryce

_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail
