Re: [Cfrg] [cryptography] Email encryption for the wider public

Michael Hamburg <mike@shiftleft.org> Wed, 17 September 2014 20:10 UTC

From: Michael Hamburg <mike@shiftleft.org>
Date: Wed, 17 Sep 2014 13:10:01 -0700
To: Henry Augustus Chamberlain <henryaugustuschamberlain@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/7DrykJosyAJ26Rf2e4_qL2hToJM
Cc: Cryptography <cryptography@metzdowd.com>, cfrg@irtf.org, cryptography@randombit.net, Maarten Billemont <lhunath@lyndir.com>
Subject: Re: [Cfrg] [cryptography] Email encryption for the wider public

What about revocation?

> On Sep 17, 2014, at 12:48 PM, Henry Augustus Chamberlain <henryaugustuschamberlain@gmail.com> wrote:
> 
> On 17/09/2014, Maarten Billemont <lhunath@lyndir.com> wrote:
>> 
>> I'm not sure I understand what problem you've just solved.  Senders still
>> need to generate a keypair and encrypt their mail, receivers still need to
>> decrypt their mail.  All you've done is remove key lookup and replaced it
>> with a From: header.
>> 
> 
> I haven't invented any new cryptography - functionally, it's similar
> to what already exists.
> But I think the reason that encryption still isn't widely used (after
> more than 2 decades!) is the usability. Even if encryption/decryption
> are automated, you still need to understand concepts like public keys
> and digital signatures in case something goes wrong.
> 
> By combining the address and the public key, I think everything makes
> much more sense to the end user: when they send emails to some
> address, they know it can't be intercepted, and when they receive an
> email from some address, they know that it definitely came from there.
> 
> The encryption/decryption can be handled automatically by something
> like Enigmail, but now the user can easily understand the problem if
> something goes wrong: errors will say things like "this email didn't
> really come from that address", rather than "this digital signature
> doesn't match the key".