[148262] in cryptography@c2.net mail archive
Re: [Cryptography] Email is unsecurable
daemon@ATHENA.MIT.EDU (James A. Donald)
Tue Nov 26 11:32:27 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 26 Nov 2013 16:34:21 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <20131125202835.GI3655@localhost>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 2013-11-26 06:28, Nico Williams wrote:
> E-mail has been not secure for... 40 years. So what? It works well
> enough for a lot of things, and nothing else we've yet seen would work
> as well for some uses (e.g., fora like this one).
Why could not a forum like this one be a hidden web service, wherein one
logs in with a zero knowledge password protocol.
The client could be written so that the user interaction remained the
same as at present, even though the underlying protocol would be very
different.
Your client, whereby you interact with the forum, has a master password,
and typically concocts per forum passwords on the fly, which is to say
per mailing list passwords on the fly.
Usernames would have the form example$forum_name
Forum name would be non memorable, but the user would not typically need
to type it, or even see it, merely click on it. (Zooko's triangle)
Messages sent to the entire mailing list would default to public, that
anyone could browse without necessarily creating a username and
password, but more private non default forums would be possible - for
example, that even messages sent to the entire mailing list default to
private, and that in order to sign up, you need to send a request to the
list that no existing member of the list blackballs.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography