[146387] in cryptography@c2.net mail archive
Re: [Cryptography] Good private email
daemon@ATHENA.MIT.EDU (Richard Salz)
Mon Aug 26 16:57:52 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAHE9jN0iQx3j2ZAiefmzUdGWFe18N46gLpaMNL9cCObVHhB3OA@mail.gmail.com>
Date: Mon, 26 Aug 2013 14:53:54 -0400
From: Richard Salz <rich.salz@gmail.com>
To: Alexandre Anzala-Yamajako <anzalaya@gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> This is everything *but* PRISM-proof
I wasn't trying to be PRISM proof, hence my subject line. The client
and keyserver could help thwart traffic analysis by returning a few
"extra" keys on each request. The client then sends a structure
message to some of those keys that the receiving client recognizes and
ignores.
> and your directory server containing public keys could very well be forced
> by a law enforcement agency ( in the best case scenario because it could
> also be the mafia) to answer the fbi/mafia public key on any request made to
So what? Your content might get sent to the wrong person, but that can
be avoided with that old PKI favorite, out of band verification. If
it's necessary.
> [bitcoin] has the user base
No it doesn't. Not by orders of magnitude compared to the few I
mentioned. Nor does it have a mail client last I checked. (I guess
Chrome doesn't either, but that could be fixed with a couple of quick,
and silent, updates.)
> you just described PGP universal
I never said it was new. The combination of size of the populace
using an out of the box mail client that has this happen seamlessly,
however, would be new.
> Traffic analysis is the problem
Do you really think that for most people on the planet, that it is?
Hey folks, go off and design your perfect secure system. Build a
prototype or alpha-test even. And then watch while the millions of
people who could benefit from private email, and the few who could use
it as an infrastructure to build more services, ignore you. Sigh.
/r$
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
