From:  Phillip Hallam-Baker <[email protected]>
Date:  Thursday, September 26, 2013 8:12 PM
To:  <[email protected]>
Cc:  SM <[email protected]>, perpass <[email protected]>, Bjoern Hoehrmann
<[email protected]>
Subject:  Re: [perpass] A proposal for developing PRISM-Proof email

> On Tue, Sep 24, 2013 at 7:23 PM,  <[email protected]> wrote:
>>
>> In the case of email, meeting that goal with end-to-end encryption mechanisms
>> like S/MIME or PGP is necessarily going to mean having a nonnegligible amount
>> of email traffic encrypted. The minute that happens spammers are going to join
>> the party in a big way precisely because of the ability this confers to get
>> past transport-side content inspection and filtering.
> 
> Yes, I anticipated that problem. Though I am not sure what the solution is. I
> consider this to be part of the 'research' problem and didn't want to bias the
> paper describing the decomposition of the problem.
> 
> One approach would be to only accept encrypted mail if it is signed by someone
> in my circle of trust or an adjacent circle. Which is one of the reasons I
> started looking again at a hybrid of Web o' Trust and CA managed trust.
> 
> 
> One option would be that a notary allows parties registered to notarize up to
> 10 key endorsements per week, pick a limit, the bad guys need thousands of
> disposable addresses every hour.
> 
> Another would be to get an EV cert and use that to endorse EE certs as legit.
> Consumers are not going to want to spend that sort of money but it is probably
> the cheapest solution for an enterprise.

Another would be to encrypt using multiple keys for each recipient.  This
could help with the multiple device problem.  The set of keys used could
include a key for a filter if desired.


_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
