Umm, no, I was showing why end-to-end works for authentication (no need for the same key in every device) but not for S/MIME.
The way to make S/MIME practical for Alice would be to do as you suggest and have Alice's private key out there in the cloud somewhere and have the server where it is kept be in charge of decrypting inbound messages and then re-encrypting them for each of Alice's devices. This is a very good model for protecting content, but it is not end to end, there is a bump in the wire where the email messages are being decrypted and re-encrypted. So in practice this use of S/MIME is no more end-to-end than SMTP over SSL. Now I guess we could throw some crypto pixie dust over the scheme maybe and reduce the ability of the intermediary to default, but in the real world nobody is now going to accept encrypted email from just anyone. Well not once the number of other people doing that has risen to the point where it is worthwhile spamming PGP or S/MIME users. On Wed, Feb 8, 2012 at 8:46 PM, Zack Weinberg <[email protected]> wrote: > On Wed, Feb 8, 2012 at 5:22 PM, Phillip Hallam-Baker <[email protected]> wrote: >> Alice has three mobile phones and six laptops. > ... >> Trying to make S/MIME email work in that scenario is futile. The >> sender only tracks one private key for Alice. So Alice has to export >> her private key to all her S/MIME clients. Not only is that terrible >> security practice, it is too much work. Worse, Alice has to repeat the >> process once a year. > > This is a special case of the confidentiality scenario, isn't it? > Alice's private key is stored somewhere in the cloud, and the server > will send it only to a device that can authenticate as Alice's device. > But you also want to prevent the server from impersonating Alice: so > the key needs to be encrypted on the server, and decrypted on the > device. The dumb, probably good-enough way to do that is to have Alice > enter a passphrase on the device which gets PBKDFed to the decryption > key. I bet there's something cleverer in the land of secret sharing > schemes, but I'd have to go dig it up. > > zw -- Website: http://hallambaker.com/ _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
