* SM wrote: >At 05:46 22-09-2013, Bjoern Hoehrmann wrote: >>Another scenario is that the supposedly secure email system relies on >>personal private long-term cryptographic secrets, and then the system >>becomes popular. How long before helpful cloud backup and cross device >>synchronisation systems compromise the keys? For that matter, how many >>will surrender the keys freely to their web mail system, for spam and >>virus checks, or a coupon? On Google's Android system you can get some >>cloud backup service, but only if you let Google have all "your" Wi-Fi >>passwords (which often aren't yours to share with Google). > >I'll comment on a part of the above only. The receiver no longer has >the ability to perform spam and virus verifications when the message >(body) is encrypted. The receiver can ask the users for their keys >to perform those verifications. That is already done in unrelated >scenarios and some of the users hand over their passwords [1].
Whoever is meant to read the message can perform, and ask others to perform, spam and virus checks as they see fit, with little need to reveal much about the message to third parties (by employing fully homomorphic encryption, generating noise, pulling blacklists in full instead of pushing specific items to a third party to check whether they are on the blacklist, for instance) and the ability to do so selectively (mails from people I have had a lot of contact with in the past do not need to be checked for spam, while I might not mind if strangers have to jump through extra hoops to send confidential mails to me). That's not on the path of least resistance, of course. -- Björn Höhrmann · mailto:[email protected] · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
