How email encryption should work
Lars Eilebrecht
lars at evildoer.de
Tue Mar 29 01:54:22 PST 2005
According to James:
> I would appreciate some analysis of this proposal, which
> I think summarizes a great deal of discussion that I
> have read.
>
> Here is how email encryption should work:
[...]
> * In the default case, the mail client, if there are
> no keys present, logs in to a keyserver using a
> protocol analogous to SPEKE, using by default the
> same password as is used to download mail. That
> server then sends the key for that password and
> email address, and emails a certificate asserting
> that the holder of that key can be reached at that email
> address.

Are you saying that the keyserver creates the
public-private key pair for the user?
That doesn't sound like a good idea.

> Each email address, not each user, has a
> unique key, which changes only when and if the user
> changes the password or email address.

How do you prevent a user from creating a key/certificate
for an email address the user doesn't own?

> * The email client learns the correspondent's public
> key by receiving signed email.

Unless you use certificates issued by a trusted third party,
that's not secure.

ciao...
--
Lars Eilebrecht
lars at evildoer.de