[cryptography] Email encryption for the wider public

Henry Augustus Chamberlain henryaugustuschamberlain at gmail.com
Wed Sep 17 15:48:58 EDT 2014


On 17/09/2014, Maarten Billemont <lhunath at lyndir.com> wrote:
>
> I'm not sure I understand what problem you've just solved.  Senders still
> need to generate a keypair and encrypt their mail, receivers still need to
> decrypt their mail.  All you've done is remove key lookup and replaced it
> with a From: header.
>

I haven't invented any new cryptography - functionally, it's similar
to what already exists.
But I think the reason that encryption still isn't widely used (after
more than 2 decades!) is the usability. Even if encryption/decryption
are automated, you still need to understand concepts like public keys
and digital signatures in case something goes wrong.

By combining the address and the public key, I think everything makes
much more sense to the end user: when they send emails to some
address, they know it can't be intercepted, and when they receive an
email from some address, they know that it definitely came from there.

The encryption/decryption can be handled automatically by something
like Enigmail, but now the user can easily understand the problem if
something goes wrong: errors will say things like "this email didn't
really come from that address", rather than "this digital signature
doesn't match the key".


More information about the cryptography mailing list