Encouraging email security.
Sun May 18 01:41:02 2003
I was thinking about how most people have no understanding or interest in
email security. OpenPGP is hard enough to understand and use that getting
the majority of the population to use it seems a formidable task.
I thought of a compromise that might be a step forward. I was hoping that
those who know more about this than I could offer an opinion.
There could be a mail client with the following properties:
1) Automatically creates a pre-defined key setup (e.g. 4096 RSA,
1024 DSA, 2048 ElGamal).
2) Automatically signs, and encrypts emails (when the pub key is
3) Here is the big one:
It stores the user's password in the hard disk, in the style of
Mozilla, so that the user doesn't have to type it. It all happens
This would be a significant down compared to the proper use of OpenPGP,
but a significant up compared to what exists today. Now emails would go
around signed and encrypted. In order to read a message an attacker would
have to get the password from the recipient's hard drive. A determined
attacker could certainly do that, but the casual one would not.
Today's email system is about as secure as a postcard.
This alternative would raise the bar somewhat above sending mail in a
sealed envelope. It raises the effort needed to eavesdrop on a
conversation or impersonate someone.
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html