Automatic e-mail encryption

Peter Lebbing peter at digitalbrains.com
Sat Jul 19 14:26:44 CEST 2014


On 19/07/14 00:34, Ingo Klöcker wrote:
> Sure. But the NSA already knows the correspondents of all of our mail
>  anyway. Keyserver lookups do not add any additional data

Pssh. What an argument. Please refrain from such useless rhetorics.

> But the keyserver (owner) has to be trustworthy anyway.

First of all, "trustworthy" is a really ill-defined notion. Should I
give them my credit card? Secondly: why? Why does a keyserver need to be
trustworthy?

In fact, why do I even need a keyserver? It's a convenience. But I can
just exchange keys with my peers. I don't need to trust any keyserver
operator. Unless it is silently done behind my back, that is.

Here's an idea: when elliptic curve becomes ubiquitous, simply include
your public key in the header of every e-mail you send. That's way
closer to how SSH works, since it uses only one channel, in this case
the e-mails themselves. Perhaps it would be a good idea to only include
the actual EC public key, and not the whole OpenPGP packet, to keep it
small.

You say signing isn't covered... I don't see why not. Just as you
automatically decrypt; automatically sign.

There still is the large issue of private key distribution. I have
several machines all connected to my e-mail account. It seems to me
there's a *lot* of infrastructure still missing for this to be almost
transparent to the end-user. This topic, if discussed at all, should be
discussed by itself and not as some kind of counter-offer to symmetric
encryption, because the problem space is vastly different.

By the way: if we had a working alternative to SSL/TLS, all the mail
servers could talk to eachother securely without eavesdropping. That way
the contents of e-mails is only exposed on the sending SMTP server and
the receiving SMTP and mailbox servers (f.e., IMAP). The mailbox server
already knows when you use automatic decryption to facilitate searching,
and the receiving SMTP server is probably under the control of the same
people that control the receiving mailbox server. So they are probably
about equally difficult to access. And likewise, the sender will have a
decrypted copy in his Sent folder on his mailbox server, and the sending
SMTP server is again close to that server. So if only we had a way to
properly authenticate SMTP servers, I think we get almost the same
effective protection for the users, albeit without signatures. And this
requires only changes to a "couple of" servers, instead of to all endpoints.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list