Hi Bjoern,
At 05:46 22-09-2013, Bjoern Hoehrmann wrote:
> Another scenario is that the supposedly secure email system relies on
> personal private long-term cryptographic secrets, and then the system
> becomes popular. How long before helpful cloud backup and cross device
> synchronisation systems compromise the keys? For that matter, how many
> will surrender the keys freely to their web mail system, for spam and
> virus checks, or a coupon? On Google's Android system you can get some
> cloud backup service, but only if you let Google have all "your" Wi-Fi
> passwords (which often aren't yours to share with Google).
I'll comment on a part of the above only. The receiver no longer has
the ability to perform spam and virus verifications when the message
(body) is encrypted. The receiver can ask the users for their keys
to perform those verifications. That is already done in unrelated
scenarios and some of the users hand over their passwords [1].
The question I would ask is what is the secure email system supposed
to provide to the user.
Regards,
-sm
1. I am not arguing that it is okay to do that.
_______________________________________________
perpass mailing list
https://www.ietf.org/mailman/listinfo/perpass