On Sat, Oct 12, 2013 at 11:45:00PM -0700, Mike Demmers wrote:
> On Sat, 12 Oct 2013 19:03:44 +0100
> Leo Vegoda <[email protected]> wrote:
> 
> > How is key management handled?
> 
> Ok, first I want to summarize again, incorporating the changes made after 
> Bjoern's comments.
> 
> We are now looking at a two level key exchange, one with a 'public' public 
> key, and a second with a 'private' public key. And I am trying to keep this 
> just two buttons, 'Friend' and 'Unfriend' to make it as simple as possible.

[...]

> > Making good key management lightweight strikes me as a hard problem.
> > Is that wrong?
> 
> You tell me. Will the above work? Seems pretty simple to me. I am not a 
> security expert though, just a poor user who wants this to all be MUCH easier 
> (for end users, system admin users, and programmers). Where are the flaws?
> 
> I think what makes present key management hard in email is the current 
> assumption that 'anyone must be able to email anyone at any time' - default 
> accept, in other words. To do this you need things like public keyservers, or 
> some other way that keys can be easily known.
> 
> Default deny for encrypted email removes that problem, since both sides must 
> already be known to each other. 
> 
> Remember my goals:
> 
> Get everyone to use at least some email encryption by making it really simple 
> to use, and having a reason (less spam) more instantly apparent than just 
> privacy. 

I am not a security expert either but presumably people will need to
export keys for backup and deployment on other systems. For
instance, many people have something like a laptop computer, a
smartphone and a tablet. Presumably, users would want to use the
same keys on all those devices so that they can read all their
e-mail no matter which device they use.

I also expect people would want to be able to revoke a key if a
device is stolen and then generate a new key to replace it, back
that up and distribute it to all the devices in use.

I think the UI elements for generating and publishing a key are
important but if the underlying key management doesn't meet people's
needs then your goal of getting people to use encryption won't be
achieved because the things they can do today won't be possible.

So my questions are:

- how do people use the same keys on all their devices?
- how do people securely backup their keys?
- how do people revoke keys when a device is stolen or otherwise
  compromised?

Regards,

Leo
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass

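An added illustration for the three questions above, written for this page; it is not code from the list, from Mike's proposal or from any project. It models the operations Leo asks about with Go's standard library only: one long-term Ed25519 identity key shared by all of a user's devices, a passphrase-wrapped backup of that key (PBKDF2-HMAC-SHA256 into AES-256-GCM) that a second device can restore, and revoke-and-replace as a "rotate-v1" statement signed by the old key, which a friend's address book accepts only when it is signed by the key already on file. The prefix string, the salt|nonce|ciphertext layout and the iteration count are assumptions made for this example, not a standard.

```go
package main

// Added example for the thread above, not code from the list or any project;
// the formats and the iteration count are assumptions made here.

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const kdfIterations = 100000 // assumed; tune to the slowest device in use

// pbkdf2SHA256 derives one 32-byte block (RFC 8018, PRF = HMAC-SHA256).
func pbkdf2SHA256(pass, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(append(append([]byte(nil), salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// gcmFor turns passphrase and salt into AES-256-GCM; the derived key is
// always 32 bytes, so neither constructor can fail.
func gcmFor(passphrase, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(pbkdf2SHA256(passphrase, salt, kdfIterations))
	g, _ := cipher.NewGCM(block)
	return g
}

// ExportBackup wraps the identity key for backup or for copying to another
// device: salt(16) || nonce(12) || AES-256-GCM(seed), with the salt as AAD.
func ExportBackup(priv ed25519.PrivateKey, passphrase []byte) ([]byte, error) {
	hdr := make([]byte, 28) // 16-byte salt followed by 12-byte nonce
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	g := gcmFor(passphrase, hdr[:16])
	return g.Seal(append([]byte(nil), hdr...), hdr[16:], priv.Seed(), hdr[:16]), nil
}

// ImportBackup is the receiving device's side; a wrong passphrase or any
// tampering fails GCM authentication instead of yielding a garbage key.
func ImportBackup(blob, passphrase []byte) (ed25519.PrivateKey, error) {
	if len(blob) < 28 {
		return nil, errors.New("backup too short")
	}
	seed, err := gcmFor(passphrase, blob[:16]).Open(nil, blob[16:28], blob[28:], blob[:16])
	if err != nil {
		return nil, errors.New("backup rejected: wrong passphrase or tampered")
	}
	return ed25519.NewKeyFromSeed(seed), nil
}

// Rotation says "Old is revoked, trust New", signed by Old so that a friend
// who already holds Old can check it without any keyserver.
type Rotation struct {
	Old, New ed25519.PublicKey
	Sig      []byte
}

func rotationBytes(old, next ed25519.PublicKey) []byte {
	return append(append([]byte("rotate-v1:"), old...), next...)
}

func Rotate(old ed25519.PrivateKey, next ed25519.PublicKey) Rotation {
	pub := old.Public().(ed25519.PublicKey)
	return Rotation{pub, next, ed25519.Sign(old, rotationBytes(pub, next))}
}

// Contacts is a friend's address book: name -> currently trusted key.
type Contacts map[string]ed25519.PublicKey

// ApplyRotation accepts New only if the statement names, and is validly
// signed by, the key already on file; an already-replaced key is refused.
func (c Contacts) ApplyRotation(name string, r Rotation) error {
	if cur, ok := c[name]; !ok || !bytes.Equal(cur, r.Old) {
		return errors.New("rotation not signed by the key on file")
	}
	if !ed25519.Verify(r.Old, rotationBytes(r.Old, r.New), r.Sig) {
		return errors.New("bad rotation signature")
	}
	c[name] = r.New
	return nil
}
```

The flow is: generate the key once, ExportBackup it, ImportBackup the blob on each other device (and keep a copy as the backup), and on a theft call Rotate with the restored key and a freshly generated replacement, then send the Rotation to every friend. Note what the rotation does and does not prove: the signature shows possession of the old key, which a thief holding the stolen device also has, so owner and thief are racing to be the first to rotate at each friend. That is the gap in doing revocation with only the key that lives on every device, and it is why a design that keeps a separately stored identity key for signing revocations is stronger than the one-key-on-all-devices model the questions above start from.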