Ian Grigg wrote: > Hi Frank, >>So in summary I think it would not be such a bad idea for Thunderbird to >>implement a "bootstrapping" approach to signed and encrypted email based >>on automatically generated private keys and self-signed certificates, so >>long as it was restricted to correspondence with people whom the user >>had explicitly entered into their address book, and thus with whom the >>user could be presumed to have some sort of pre-existing relationship. > > Sounds like a good starting point.
I agree, and in fact there is some relevant prior art/code to get started. Gaim has an encryption plugin that uses NSS. The plugin can generate a certificate for you when you start. Then when you get sent an encrypted message, it checks if you have conversed with that peer cert before, and if not, will ask the user. From there on, as long as the cert your peer presents to you remains the same things just happen automatically. A thing to be cautious about with automatically generating a certificate and perhaps automatically signing all messages (and encrypting when possible) is that sometimes you want to remain anonymous (sending mail through anonymizers etc.) In those cases sending even one supposedly anonymous message as signed message can be a disaster. Might be better to err on not signing by default, and sign+encrypt by default when corresponding with a peer whose cert you have. -- Heikki Toivonen _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
