STEED - Usable end-to-end encryption

Jerome Baum jerome at jeromebaum.com
Mon Oct 17 20:25:04 CEST 2011


>   http://g10code.com/docs/steed-usable-e2ee.pdf

Skimmed over this. You say that you need ISP support to get the system
adopted (for the DNS-based distribution). Wouldn't that hinder adoption?
Hotmail and the like still don't support POP3 or IMAP in a standard
account, and they are still popular options.

So obviously email providers aren't the right place to look to get a
technology deployed, especially one that hinders their access to email.

How about an opportunistic approach? This email should include the
following header:

OpenPGP: id=C58C753A;
	url=https://jeromebaum.com/pgp

The MUA could recognize a header like this one and remember that there's
a certificate -- so the next email we send will be encrypted. The first
email couldn't be, but is that worse than no encryption at all?

Basically something like Strict-Transport-Security.

What do you think?

Like I said, this is based on a quick skimming of the paper. Sorry about
the long message.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
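
The opportunistic scheme proposed in the message above, sketched as an added example that is not part of the original post or of any MUA: a client parses the `OpenPGP:` header, remembers the key hint per sender, and encrypts from the second message on. The names `parse_openpgp_header`, `KeyHintStore`, `observe` and `should_encrypt` and the example.org/example.net addresses are assumptions; only the header value comes from the post.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; only the OpenPGP header value is taken from the post.
SAMPLE = (
    "From: Jerome <jerome@example.org>\n"
    "To: alice@example.net\n"
    "Subject: test\n"
    "OpenPGP: id=C58C753A;\n"
    "\turl=https://jeromebaum.com/pgp\n"
    "\n"
    "body\n"
)

def parse_openpgp_header(value):
    """Parse 'id=...; url=...' (possibly folded); return None if no usable key id."""
    params = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name.strip().lower() in ("id", "url"):
            params[name.strip().lower()] = val.strip()
    kid = params.get("id", "").replace(" ", "").upper()
    if not kid or any(c not in "0123456789ABCDEF" for c in kid):
        return None
    params["id"] = kid
    if not params.get("url", "https://").lower().startswith("https://"):
        params.pop("url")  # assumption: only fetch certificates over HTTPS
    return params

class KeyHintStore:
    """Remembers the first key hint seen per sender, similar to an HSTS cache."""
    def __init__(self):
        self.hints = {}  # sender address -> {"id": ..., "url": ...}

    def observe(self, raw_message):
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        hint = parse_openpgp_header(msg.get("OpenPGP", ""))
        if not sender or hint is None:
            return "ignored"
        known = self.hints.get(sender)
        if known and known["id"] != hint["id"]:
            return "conflict"  # header is unauthenticated: keep first-seen id, ask the user
        self.hints[sender] = hint
        return "remembered"

    def should_encrypt(self, recipient):
        return recipient.lower() in self.hints
```
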


