[cryptography] Email encryption for the wider public

Henry Augustus Chamberlain henryaugustuschamberlain at gmail.com
Wed Sep 17 15:36:35 EDT 2014


On 17/09/2014, Kevin <kevinsisco61784 at gmail.com> wrote:
> As someone who deals with security measures each day I need to come at
> it from that angle.  Your method is great save for the fact that
> spammers love spoofed addresses.  I doubt anyone could trust something like
> abcdcdhhiklklklmnfffffff at hotmail.com
> Am I missing something?  If I'm not, it seems more measures should be
> taken.  What about digital signatures?  Would you change the scheme?
>
>
> --
> Kevin
>
>

Well, each email is digitally signed using the sender's key (as well
as being encrypted using the recipient's key) so it's impossible to
spoof the address.

As for trust, I think the whole point of cryptography is that you
should trust the digital signature rather than just checking the
sender's address. With my scheme, the address and the public key are
the same thing, so if an email is forged then the software can say
"This email isn't really from that address" rather than "Error!
Invalid key".

I haven't changed anything in terms of the cryptography - I'm just
trying to make things more usable.
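
The check described in the reply above, as an added example that is not part of the original post or the author's software: the verifier takes the public key straight from the From address and reports a failed signature as an address mismatch. The Ed25519 key type, the base32 local-part encoding, and the names `AddressOf`, `VerifyFrom`, `SignBody` and `DemoKey` are assumptions made for illustration; the post does not specify them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Assumption (not from the post): the local part of the address is the
// unpadded, lowercase base32 encoding of an Ed25519 public key.
var enc = base32.StdEncoding.WithPadding(base32.NoPadding)

var ErrNotFromAddress = errors.New("this email isn't really from that address")

// DemoKey builds a deterministic key from a constructed seed (demo only).
func DemoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// AddressOf returns the address that encodes priv's public key.
func AddressOf(priv ed25519.PrivateKey, domain string) string {
	pub := priv.Public().(ed25519.PublicKey)
	return strings.ToLower(enc.EncodeToString(pub)) + "@" + domain
}

// SignBody signs the message body with the sender's private key.
func SignBody(priv ed25519.PrivateKey, body []byte) []byte { return ed25519.Sign(priv, body) }

// VerifyFrom checks sig over body using only the key decoded from the address.
func VerifyFrom(from string, body, sig []byte) error {
	at := strings.LastIndex(from, "@")
	if at < 0 {
		return ErrNotFromAddress
	}
	pub, err := enc.DecodeString(strings.ToUpper(from[:at]))
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return ErrNotFromAddress // local part is not a well-formed key
	}
	if !ed25519.Verify(ed25519.PublicKey(pub), body, sig) {
		return ErrNotFromAddress // signed by another key, or body altered
	}
	return nil
}

func main() {
	alice, mallory := DemoKey(1), DemoKey(2) // constructed identities
	from, body := AddressOf(alice, "example.org"), []byte("constructed message body")
	fmt.Println("genuine:", VerifyFrom(from, body, SignBody(alice, body)))
	fmt.Println("forged: ", VerifyFrom(from, body, SignBody(mallory, body)))
}
```

Only the local part is bound to the key in this sketch; the domain is not covered by the check.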

