Y'all:

This entire issue with email security has been rattling around in my head
ever since it's been discussed on list. I keep wondering why we can't do
something TORRENT-like with email... This is just a bare-bones silly idea,
but bear with me for a moment.

Assume each person has more than one email address. Or at least they should
-- there are a number of "free" email services out there (Yahoo, Hotmail,
Google, etc.), and everyone should have at least one email service through
their local "residence" provider, then maybe one through their mobile phone
provider, etc. Let's say you have a couple of new MIME types available, one
for breaking a single message up into multiple pieces and transmitting it in
parallel across many different SMTP services, and another that advertises
all the services you have available to you (treating each email address in
the traditional sense as a single service). What could happen is this:

-- Your email client recognizes not only all your existing email services,
but adds a new "unified identity service (UIS)."
-- Your email client can send a "services supported" MIME type to any other
client that supports this new UIS.
-- Someone hands you a business card with their UIS address.

What happens?

-- You send them an email. There is a hitch here because there must be a
single common channel known at this point, but let's leave this aside for a
moment.
-- Instead of sending them the email on the first shot, the enabled email
client sends a list of all the services this UIS supports.
-- The client on the other end gets this list, compares it to a local list
of supported services, and sends back a "valid list."
-- Your client now breaks each email up into multiple actual emails, sending
each piece as a MIME attachment on an actual underlying email service. The
number of pieces depends on the number of overlapping services you have
available.
-- The receiving client gets all the different MIME attachments, one through
each service, reconstructs the original email, and delivers it to the UIS
inbox.

A couple of interesting things:

-- Once we introduce the idea of negotiating parameters through a MIME type,
it might actually be possible to do some sort of KIK thing to encrypt each
piece separately.
-- Large files can be sent more efficiently between UIS' by spreading the
load over multiple services.
-- As each "service" (a complete email service in today's terms) only gets
part of the message, anyone eavesdropping must now collate all the different
pieces to get a complete conversation.
-- You're introducing the idea of a unified identity that doesn't change
even if you change your email providers.

Maybe the client could even choose a different underlying SMTP service for
shorter messages, so that a single conversation is spread out among a lot of
different services, etc. 

Anyway, this is really bare bones, and I don't know enough about email to
put all the pieces together, or if this would even work, but it seemed like
throwing it out there just for discussion (even if it's to be shot down!).

Russ

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
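
The negotiate, split and reassemble steps described in the message above, as an added example that is not part of the original post. The MIME type `application/x-uis-fragment`, the `X-UIS-*` headers and the `.example` service names are hypothetical, chosen here only for illustration.

```python
import uuid
from email import message_from_bytes
from email.message import EmailMessage

FRAGMENT_SUBTYPE = "x-uis-fragment"  # hypothetical MIME subtype, not a registered type

def negotiate(mine, theirs):
    """Return the 'valid list': services both UIS clients support, in a stable order."""
    return sorted(set(mine) & set(theirs))

def split_message(body, services, sender, rcpt):
    """Cut body (bytes) into one fragment per shared service; return {service: wire bytes}."""
    if not services:
        raise ValueError("no overlapping services to send over")
    msg_id, total = uuid.uuid4().hex, len(services)
    size = -(-len(body) // total) or 1  # ceiling division, at least one byte
    out = {}
    for i, svc in enumerate(services):
        m = EmailMessage()
        m["From"], m["To"] = f"{sender}@{svc}", f"{rcpt}@{svc}"
        m["X-UIS-Message-ID"] = msg_id          # hypothetical header: ties fragments together
        m["X-UIS-Fragment"] = f"{i}/{total}"    # hypothetical header: index/total
        m.set_content(body[i * size:(i + 1) * size],
                      maintype="application", subtype=FRAGMENT_SUBTYPE)
        out[svc] = m.as_bytes()
    return out

def reassemble(wire_messages):
    """Rebuild the original body from fragments that may arrive in any order."""
    pieces, total, msg_id = {}, None, None
    for raw in wire_messages:
        m = message_from_bytes(raw)
        idx, tot = map(int, m["X-UIS-Fragment"].split("/"))
        if msg_id not in (None, m["X-UIS-Message-ID"]) or total not in (None, tot):
            raise ValueError("fragment belongs to a different message")
        msg_id, total = m["X-UIS-Message-ID"], tot
        pieces[idx] = m.get_payload(decode=True)
    if total is None:
        raise ValueError("no fragments received")
    missing = sorted(set(range(total)) - set(pieces))
    if missing:  # one slow or lossy service stalls delivery of the whole message
        raise ValueError(f"missing fragments {missing}")
    return b"".join(pieces[i] for i in range(total))

if __name__ == "__main__":
    # Constructed sample data: two clients with partly overlapping services.
    valid = negotiate(["isp.example", "free1.example", "mobile.example"],
                      ["free1.example", "mobile.example", "work.example"])
    frags = split_message(b"Meet at the usual place at 10:00.", valid, "russ", "alice")
    print(valid, reassemble(frags.values()))
```

Each fragment still crosses its carrying service as readable plaintext, so splitting alone only forces an eavesdropper to collate the pieces; the per-piece encryption the post mentions would have to be layered on top.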
