STEED - Usable end-to-end encryption

Matthias-Christian Ott ott at mirix.org
Thu Oct 20 22:25:58 CEST 2011 

On Thu, Oct 20, 2011 at 04:16:01AM +0200, Marcus Brinkmann wrote:
> On 10/19/2011 09:30 PM, Peter Lebbing wrote:
> > However, I think you're not ambitious enough when you opt for using DNS for key
> > distribution. Yes, the infrastructure and RR types[1] are already there. But it
> > brings this nasty dependency on the provider. Because the part of the client
> > updates to the DNS is a key missing part in the DNS infrastructure as today, and
> > I don't see providers adding that soon.
> 
> You are right that it is a challenge to get the support in the providers, but
> note that changes in the mail client are required anyway.  Sure, changing the
> client and changing the DNS infrastructure are two different kind of beasts,
> but we probably can not do without the providers completely if we want
> ubiquitous support.

But who are the providers? Except for people who work in computer
science, physics or similar fields I don't know people who run their own
mail servers or are part of a cooperative. Most other people use a
handful of providers who often offer free service in exchange for the
loss of privacy or at least some form of semi-targeted advertisement. Do
you expect those providers to ruin their business models by implementing
this proposal? I wouldn't count on them.

Perhaps the providers could also be forced by law not to implement
this, because (if I remember correctly) come countries require that
they store at least the header information (including subject, which
should also be encryted by the system) for traffic analysis. So in
the worst case the providers couldn't implement this without breaking
the law (I doubt that citizens could use the system without breaking the
law in this situation either, but individuals are often more venturous
than organisations).

What about making everyone their own provider? The efforts in this
direction intiated by Eben Moglen that lead to the FreedomBox and other
projects seem to go in the right direction. It doesn't seem to me less
realistic than requiring cooperation from providers.

Regards,
Matthias-Christian

More information about the Gnupg-devel mailing list