>> How does the 1st encrypted message get sent? How does the >> cert get sent? User action? Hints in received messages? > > I don't remember exactly. From the first user's point of view he just > chooses to send the message as encrypted. From the second user's point > he receives a message about the other user initiating encrypted > communications, presents a certificate, and asks if this is ok.
OK. Key distribution is the tricky bit. Good crypto protocols are divided into two parts, the first part of which says to the second part, "trust this key completely." The second part is relatively trivial, once we both have keys and we both know it, that can be knocked up in an afternoon (well, a long weekend). > The certificate itself could even be anonymous (i.e. nothing about > subject, like email etc. present), and it would still reveal your > identity if you used it in some other communications where your real > email was visible (the normal case). > > The point about anonymous case is that you don't want to sign or > encrypt. So no authentication in that case. Just having the certificate > present in the supposedly anonymous message would be damaging. You are making my case most excellently :) >> My view would be to drop signing as being an >> available operation of human meaning. I.e., do > > I am not advocating that. Signing is valuable in normal circumstances. Then we are a long way apart and we'll have to shout to get our messages that far ;-) I don't know too many circumstances where signing is valuable. I'm explicitly excluding message authentication from that - for that we have alternate techniques such as secure MACs so it is not a trivial assumption to just say "we sign because we need to authenticate." >> Having said that, simply dropping the authentication >> entirely and encrypting without any auth technique >> would be an entirely valuable thing. It's still >> wonderfully more secure than plain text email, and >> experience from the OpenPGP email community (which >> could be considered substantial) is that any active >> attacks on email users would seem to be remote and >> optional, even in the face of known attacks. > > To me encryption is practically synonymous to encryption plus signature. > I don't really see the point in encrypting if you don't sign. We are planets apart! I don't see much general use for the average user in signing an email, but encryption is great. >> As to your comment on anonymous email - I'd suggest >> this is a specialist requirement. Don't include >> anything in there that might lead us down a blind >> alley. Most people most of the time do not want or >> need to send anonymous email. Let's not break the >> app for the majority just to please the anarchists. > > Yes, it is a special case. But my point was that this special case is > important - sending just one supposedly anonymous message while > accidentally revealing your identity can be damaging. Yes. My advice is not to do it :) It is way way too tricky a business, and should be kept clear of any basic ordinary end-user protocols. As an aside, the creation of robust anonymous comms has strained the brains of some of the best thinkers. Now, how many years later, we still can't do it easily. The reason for that is ... it's really very hard! (I wish I could have been one of those guys that landed millions of startup capital and pissed it away on schemes to solve this problem... it really is a good fun thing to do, and honestly, give me the dosh and we'll get it right this time! Hey, they say that Mozilla has oddles of dosh - if Mozilla is keen on anon email, let's get them to plonk dosh on the table and I'm on board!) > I don't know how to design the app so that it would work with minimal > hassle for normal signature + encryption and make it obvious and simple > to disable signature and encryption when sending anonymous mail. Or > maybe there would need to be "send anonymous mail" button or something. > If you need to go to S/MIME button/menu after you've started the message > will almost surely mean you will forget to do so. Yup. Not to mention that you have no clue what identifying information other parts of the app (Thunderbird?) and your mail forwarder and your ISP's mail forwarder adds into other parts of the message. iang _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
