[cryptography] Email encryption for the wider public
Henry Augustus Chamberlain
henryaugustuschamberlain at gmail.com
Thu Sep 18 03:06:53 EDT 2014
On 17/09/2014, grarpamp <grarpamp at gmail.com> wrote:
> Putting keys into some_encoding at example.com might cover
> some bases related to offline key lookup and message validation.
> Most user and system mail tools would need changes to handle
> string width and keytype, addressbooks updated, etc. Totally burying
> OpenPGP, passphrase and key lookup/use behind a fully integrated
> MUA GUI for grandma would work just as similarly well right now today
> with no such encoding.
> But in the end, all you're doing is covering the message body, and in
> world that's clearly not enough. No one's yet solving the huge issues
> with leaving mail exposed to what is essentially open-for-all-to-inspect
> storage and mail routing. The "who's IP talking to who", "From To Subject,
> daemon headers, etc" metadata, when, how much/often, provider logs, someone
> sending you unencrypted mail, you giving up your private keys to the
> provider or running blobs they provide to you, etc. This is all unfixable
> traditional "Email" models.
I think the metadata issue is really interesting, and I'm interested
in what various schemes (P2P, Dark mail alliance, etc) are doing about
it. But I think you and I are talking about different problems: your
main concern (which is a valid one!) is that encrypted emails still
expose metadata, whereas my concern is the fact that hardly anybody is
currently able to use email encryption at all! I think both concerns
are fair, and both are worth trying to solve.
More information about the cryptography