On Sun, Dec 29, 2013 at 2:38 PM, Watson Ladd <[email protected]> wrote:
> One obvious solution for end-to-end email encryption is to use
> ID-based cryptography: a new record type would be defined in the DNS
> containing the system key for an ID-based system, and the username
> (everything before the '@') would be the identity used. This would not
> obscure addresses or the fact of communication right now, but would
> prevent interception at intermediate nodes. It would be webmail
> compatible.
>
> Are there any issues beyond the merely cryptographic that I need to
> consider here? Can this be shoehorned into S/MIME, or do we need to do
> something new? In the next few days I will try to make a
> draft/implementation for this.

There are several problems with identity based crypto. The main one being that the technology

1) Requires a trusted third party
2) The trusted third party has knowledge of every user's private key
3) There is no way to revoke a private key in the case of key compromise

There are of course various proposals to mitigate the last problem but none that does not completely erase all the benefits of identity based crypto. If the relying party is going to check some service to get key status they might as well check for a certificate.

--
Website: http://hallambaker.com/
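The following is an added illustration, not code from either poster. It implements Cocks' identity-based encryption scheme (a real scheme, reduced here to toy 48-bit primes and bit-at-a-time encryption) so that the three points above can be seen in code: `pkg_setup` is the trusted third party (point 1), `pkg_extract` derives any user's private key from nothing but the master secret and the identity string (point 2), and the identity strings `alice@example.com|2014-01` and the `|YYYY-MM` validity suffix are assumptions of this example, standing in for the kind of revocation workaround the reply refers to. Note that the suffix only bounds how long a compromised key stays useful; the relying party still has to trust the PKG to stop issuing keys, which is exactly the point being made.

```python
"""Toy Cocks IBE (added example): shows the PKG escrow property of ID-based crypto."""
import hashlib
import secrets

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 1, -1 or 0."""
    a, result = a % n, 1
    while a != 0:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test (expects odd n > 3)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime_3mod4(bits):
    """Random prime p = 3 (mod 4), which Cocks' key extraction needs."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 3  # top bit set, c = 3 mod 4
        if is_probable_prime(c):
            return c

def pkg_setup(bits=48):
    """PKG (trusted third party): (public params to publish, e.g. in DNS; master secret)."""
    p = random_prime_3mod4(bits)
    q = random_prime_3mod4(bits)
    while q == p:
        q = random_prime_3mod4(bits)
    return {"n": p * q}, {"p": p, "q": q}

def identity_to_element(identity, n):
    """Hash an identity string to a in Z_n with Jacobi(a/n) = 1: the public key."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}:{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a and jacobi(a, n) == 1:
            return a
        counter += 1

def pkg_extract(master, identity):
    """Private key r with r^2 = a or -a (mod n); anyone holding (p, q) can do this for ANY identity."""
    p, q = master["p"], master["q"]
    n = p * q
    a = identity_to_element(identity, n)
    r = pow(a, (n + 5 - p - q) // 8, n)  # exponent is integral because p, q = 3 (mod 4)
    assert pow(r, 2, n) in (a, (-a) % n)
    return r

def encrypt_bit(n, a, bit):
    """Encrypt one bit: choose t with Jacobi(t/n) = +1 (bit 1) or -1 (bit 0)."""
    m = 1 if bit else -1
    while True:
        t = secrets.randbelow(n - 1) + 1
        if jacobi(t, n) == m:
            break
    t_inv = pow(t, -1, n)
    # Two values, since the sender cannot know whether r^2 is a or -a.
    return ((t + a * t_inv) % n, (t - a * t_inv) % n)

def decrypt_bit(n, r, a, ct):
    """Jacobi((s + 2r)/n) equals Jacobi(t/n); pick the s that matches r^2."""
    s = ct[0] if pow(r, 2, n) == a else ct[1]
    return jacobi((s + 2 * r) % n, n) == 1

def encrypt_message(params, identity, data):
    """Encrypt bytes to an identity such as the constructed 'alice@example.com|2014-01'."""
    n = params["n"]
    a = identity_to_element(identity, n)
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    return [encrypt_bit(n, a, b) for b in bits]

def decrypt_message(params, r, identity, cts):
    """Decrypt with r; a key for a different (e.g. expired) identity yields garbage, not an error."""
    n = params["n"]
    a = identity_to_element(identity, n)
    bits = "".join("1" if decrypt_bit(n, r, a, ct) else "0" for ct in cts)
    return int(bits, 2).to_bytes(len(bits) // 8, "big") if bits else b""
```

Running `pkg_setup()` once and then `pkg_extract(master, ...)` for several identities makes the escrow concrete: the PKG never has to interact with a user to obtain that user's key. Appending a period to the identity means a key leaked in 2013-12 does not decrypt mail addressed to the 2014-01 identity, but the sender has no way to learn of a compromise inside the period without asking a service, which is the certificate-status check the reply says erases the benefit.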
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
