Automatic e-mail encryption
kloecker at kde.org
Sat Jul 19 22:15:55 CEST 2014
please do not send me direct replies. I am subscribed so reply-to-list
is sufficient. (I wouldn't ask this of you if I'd receive two copies of
your replies, but I only receive the direct replies and this means I
cannot use reply-to-list. The mailing list is correctly configured, so I
blame a fancy deduplication feature of the receiving Exchange mail
On Saturday 19 July 2014 14:26:44 Peter Lebbing wrote:
> Here's an idea: when elliptic curve becomes ubiquitous, simply include
> your public key in the header of every e-mail you send. That's way
> closer to how SSH works, since it uses only one channel, in this case
> the e-mails themselves. Perhaps it would be a good idea to only
> include the actual EC public key, and not the whole OpenPGP packet,
> to keep it small.
I like this idea.
> You say signing isn't covered... I don't see why not. Just as you
> automatically decrypt; automatically sign.
It doesn't feel right to automatically sign messages with automatically
created keys. Also, signing is irrelevant for my use case: end-to-end
> There still is the large issue of private key distribution. I have
> several machines all connected to my e-mail account. It seems to me
> there's a *lot* of infrastructure still missing for this to be almost
> transparent to the end-user.
Yeah. Usage of multiple machines/devices is an unsolved problem.
> This topic, if discussed at all, should
> be discussed by itself and not as some kind of counter-offer to
> symmetric encryption, because the problem space is vastly different.
Right. I guess I simply grabbed the opportunity.
> By the way: if we had a working alternative to SSL/TLS, all the mail
> servers could talk to eachother securely without eavesdropping. That
> way the contents of e-mails is only exposed on the sending SMTP
> server and the receiving SMTP and mailbox servers (f.e., IMAP). The
> mailbox server already knows when you use automatic decryption to
> facilitate searching,
unless the decrypted messages are only stored locally. Yes, this would
break server-side searching and is problematic on devices with limited
> and the receiving SMTP server is probably under
> the control of the same people that control the receiving mailbox
> server. So they are probably about equally difficult to access. And
> likewise, the sender will have a decrypted copy in his Sent folder on
> his mailbox server,
> and the sending SMTP server is again close to
> that server. So if only we had a way to properly authenticate SMTP
> servers, I think we get almost the same effective protection for the
> users, albeit without signatures. And this requires only changes to a
> "couple of" servers, instead of to all endpoints.
Good news: I think we do have such a way. It's called DANE (DNS-based
Authentication of Named Entities) .
Support for DANE has been added to Postfix a few months ago and a few
German mail providers recently started using it.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users