Transparent Email (WAS disable telnet to port 25)
Norman Hardy
norm at netcom.com
Mon Nov 28 09:07:31 PST 1994
At 1:34 AM 11/28/94, Alex Strasheim wrote:
....
>The big problem with transparent encryption and signatures is key
>distribution: if you've never sent a letter to me, your mailer will have
>to get my key (invisibly) before the mail can be sent. The big problem
>with key distribution is the web of trust: who gets to decide which keys
>are good?
....
If I have never sent you mail, consider how I got your e-mail address?
You could have sent your public key to me along with your e-mail address.
If your public key is too big you could include a phoneticized secure hash of
your public key and I could check big brother (the CA). I suspect that initial
bits of a public key serve pretty well as a secure hash. Perhaps all email
addresses should be accompanied by such a hash. The more initial bits
the harder to find a fake public key with sutiable mathematical properties
and initial bits that agree with your real pulic key.
If an email address and its associated PK are sent thru unauthenticated
channels a man in the middle can substitute the PK. In the same situation,
however, the man in the middle can substitute the email address!
....
More information about the cypherpunks-legacy
mailing list