hi Russ, Intriguing idea; the approach of striping content across multiple points at rest for eavesdropping resistance - spread-spectrum messaging, if you will - is definitely worth considering as a tool in the toolbox here.
A unified identity pushes us in the other direction, though, unless it's done very carefully... Comments inline. On 4 Sep 2013, at 10:43 , Russ White <[email protected]> wrote: > A couple of interesting things: > > -- Once we introduce the idea of negotiating parameters through a MIME type, > it might actually be possible to do some sort of KIK thing to encrypt each > piece separately. > -- Large files can be sent more efficiently between UIS' by spreading the > load over multiple services. > -- As each "service" (a complete email service in today's terms) only gets > part of the message, anyone eavesdropping must now collate all the different > pieces to get a complete conversation. I presume each chunk is (1) encrypted and (2) non-contiguous? Otherwise you have the problem that the information density and interesting-information-density in most email messages is unevenly distributed, and then you only really need some subset of the content to get the interesting information out. > -- You're introducing the idea of a unified identity that doesn't change > even if you change your email providers. If each of the chunks contains the source identity and the destination identity, then you're essentially scattering the fact of the association between the source and the destination across multiple observation points. While it makes content recovery harder, it may make massive-scale association recovery easier. For pervasive surveillance, one could argue the associations are more interesting than the content. They're certainly easier to store and analyse en masse. Cheers, Brian _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
