Re: [kitten] Group/Enterprise encrypted email

"Nordgren, Bryce L -FS" <> Mon, 01 June 2015 18:25 UTC

From: "Nordgren, Bryce L -FS" <>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Date: Mon, 01 Jun 2015 18:24:29 +0000
Subject: Re: [kitten] Group/Enterprise encrypted email

> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@MIT.EDU]
> You might have better luck on the endymail list, which is considering ways to
> improve email privacy.  I don't recall whether a scheme substantially similar
> to your proposal has been discussed there, but there should be a good crop
> of people interested in improving the state of email to comment there.

Hi Ben and Nico,

I thumbed through the endymail archives and things appear to be sort of dead. I forwarded the message there anyway just in case someone's still listening. Lot of activity at first, then nothing till now. I just thought it was kind of neat. :) If it fails to spark any discussion I'll move on.

My proposal seems to get around a few of the problems endymail identified simply by using a per-message key for in-flight data only. Quite a lot of the endymail discussion revolves around key management/distribution for end users. All of it involves using something related to the user's identity to encrypt email. My proposal appears to be distinct from anything discussed there because of my focus on per-message keys unrelated to anyone's identity. This also distinguishes it from Identity-based encryption (thanks Nico!). The EKG never holds (or releases) keys related to someone's identity. This scheme has the potential to be a form of OTR protection by configuring the EKG correctly, although if you configure the EKG to hand the key out like candy, why bother encrypting it? Enterprises will likely not configure their key guardians in this way.

Drawbacks are that you can only send encrypted email if your email provider operates an EKG, you and all your recipients have been issued "email address certificates" by the respective mail providers, and your recipients must have a PKI anchor your email provider is configured to trust. For enterprises interested in protecting their IP and operating their own email servers, this is not likely to be problematic. I suspect webmail clients could also participate, as the webmail server would be decrypting the message and then displaying it over https.
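The key-release flow sketched in this message, modelled as an added toy example (not code from the original post or from any real EKG implementation): the sender's key guardian holds only a random per-message key plus the recipient list, and releases it only to a recipient presenting an address certificate whose issuer is a trusted provider. The class and function names, the HMAC standing in for a provider-issued certificate and the SHA-256 counter-mode XOR standing in for a real AEAD cipher are all my assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed trust anchors: provider name -> provider secret (stand-in for a CA key).
PROVIDER_KEYS = {p: secrets.token_bytes(32) for p in ("fs.example", "mit.example", "other.example")}


def issue_address_cert(provider, address):
    """Provider vouches for an address (toy stand-in for an 'email address certificate')."""
    sig = hmac.new(PROVIDER_KEYS[provider], address.encode(), hashlib.sha256).hexdigest()
    return {"address": address, "issuer": provider, "sig": sig}


def cert_valid(cert, trusted_providers):
    """Accept only certificates from a trusted provider anchor with an intact signature."""
    if cert["issuer"] not in trusted_providers:
        return False
    expected = hmac.new(PROVIDER_KEYS[cert["issuer"]], cert["address"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode), for illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class KeyGuardian:
    """The sending provider's EKG: per-message keys only, never identity keys."""

    def __init__(self, trusted_providers):
        self.trusted = set(trusted_providers)
        self.keys = {}  # message id -> (per-message key, allowed recipient addresses)

    def register(self, msg_id, key, recipients):
        self.keys[msg_id] = (key, set(recipients))

    def release(self, msg_id, cert):
        """Strict policy: valid cert from a trusted anchor AND address on the recipient list."""
        key, allowed = self.keys[msg_id]
        if not cert_valid(cert, self.trusted) or cert["address"] not in allowed:
            return None
        return key


def send(guardian, msg_id, plaintext, recipients):
    key = secrets.token_bytes(32)  # fresh per-message key, unrelated to anyone's identity
    guardian.register(msg_id, key, recipients)
    return keystream_xor(key, plaintext)


def receive(guardian, msg_id, ciphertext, cert):
    key = guardian.release(msg_id, cert)
    return None if key is None else keystream_xor(key, ciphertext)
```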