Re: [Cryptography] Functional specification for email client?

2013-09-01 Thread Ray Dillinger
On 08/31/2013 02:53 PM, John Kelsey wrote: I think it makes sense to separate out the user-level view of what happens. True. I shouldn't have muddied up user-side view with notes about packet forwarding, mixing, cover traffic, and domain lookup, etc. Some users (I think) will want to know

Re: [Cryptography] Functional specification for email client?

2013-08-31 Thread ianG
Some comments, only. On 30/08/13 11:11 AM, Ray Dillinger wrote: Okay... User-side spec: 1. An email address is a short string freely chosen by the email user. It is subject to the constraint that it must not match anyone else's email address, but may (and should) be pronounceable

Re: [Cryptography] Functional specification for email client?

2013-08-31 Thread John Kelsey
I think it makes sense to separate out the user-level view of what happens (the first five or six points) from how it's implemented (the last few points, and any other implementation discussions). In order for security to be usable, the user needs to know what he is being promised by the

Re: [Cryptography] Functional specification for email client?

2013-08-30 Thread Jonathan Thornburg
On Fri, 30 Aug 2013, Ray Dillinger wrote: 3. When an email user gets an email, s/he is absolutely sure that it comes from the person who holds the email address listed in its from line. S/he may or may not have any clue who that person is. S/he is also sure that no one else has

Re: [Cryptography] Functional specification for email client?

2013-08-30 Thread Ray Dillinger
On 08/30/2013 01:52 PM, Jonathan Thornburg wrote: On Fri, 30 Aug 2013, Ray Dillinger wrote: 3. When an email user gets an email, s/he is absolutely sure that it comes from the person who holds the email address listed in its from line. S/he may or may not have any clue who that