[148426] in cryptography@c2.net mail archive
Re: [Cryptography] Size of the PGP userbase?
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Dec 12 19:09:52 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <A67B7665-A632-4416-8584-03D9473D1BEF@callas.org>
Date: Thu, 12 Dec 2013 19:04:28 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jon Callas <jon@callas.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
OK not wanting to re-iterate the conversation, just want to let folks know
that this is helpful. I want to be really sure that I have covered all the
requirements.

The goal is 'Frictionless cryptography'.

The legacy S/MIME deployment is the code base to build on in my view. There
is more of it for a start and S/MIME is fully integrated into the IETF mail
infrastructure. It is the format that has received ongoing updates as the
IETF has changed other parts of mail.

So that means adding the features of the PGP trust mechanism to the S/MIME
environment. Which is not that difficult.

One aspect of the problem neither PGP nor S/MIME solves at present is
telling me when to send email encrypted by default. Like Jon I do not
enable every one of my devices for receipt of encrypted mail. Until there
is a mechanism that makes that easy, sending someone an encrypted email
message is going to be an inconvenience. I have a spec for such a scheme
but it isn't implemented in the prototype yet.

So I am thinking that there is going to have to be some kind of policy
glue. If we put that between the key hash and the public key data the user
can advertise statements such as "I support the PGP and S/MIME formats" and
tell different people to use different keys. I might have my mail
configured so that encrypted mail from people I don't know goes through the
spam content filter which has one key and encrypted mail from people I do
know is encrypted under my end-to-end key.

The code is still at the plumbing stage which means I spent today writing
an SMTP proxy in C using OpenSSL.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography