E-Mail Encryption: Why Isn't Everyone Doing It?

David Shaw dshaw@jabberwocky.com
Fri Oct 25 19:32:02 2002

On Fri, Oct 25, 2002 at 12:58:44PM -0400, Josh Huber wrote:
> David Shaw <dshaw@jabberwocky.com> writes:
> > There was talk about a email based robot CA a few months ago.  It
> > would check only the email address (by sending a challenge).  An
> > interesting idea, if done right.
> I think this is a great idea. (again, if done right)  Was this
> discussion on this list, or elsewhere?

It was on the cryptography list, I believe, and a few other places

The basic idea was a web form where a user could paste their key or an
email address to send it the key to.  The program would then email a
challenge string to each email address on the key.  If the challenge
came back signed by the user's key, then the program would sign that
user ID with its own key.

One gotcha we can avoid, if there are multiple levels of certification
in the future, is to use a different signing key for each.  That way
users can trust the signing key for the exact service they want.  I
understand Thawte got this detail wrong when they set up their PGP
signing service.

Anyway, the basic idea is pretty clear, but the details are not.  One
signing key?  Multiple signing keys?  What if a signing key gets
compromised?  And so on... ;)

I actually registered keysigners.org for the project back when it
first came up.  I happen to have a bit more free time nowadays (I'm
also adding trust signatures to GnuPG), so perhaps I'll ressurect the


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson