What kind of security matters

[James A. Donald]

On 2/17/2017 11:37 AM, Zenaan Harkness wrote:
> On Fri, Feb 17, 2017 at 10:47:15AM +1000, James A. Donald wrote:
>> It is unlikely that Trump would manage his own public keys - and he cannot
>> trust the white house staff and government security people to manage them
>> for him.  It is even more unlikely that Podesta would manage his own public
>> keys.


> IPSEC was in principle the right approach in so far as "pre-emptive" or
> opportunistic "link" encryption (i.e., your communication channel, by
> default - as you say, zero clicks).

Ipsec is not very secure.  What I was thinking of is a global database 
linking phone numbers, email addresses, etc, to public keys with a 
witness mechanism to ensure that every client gets told the same story 
as to which public key is associated with which phone number.

So if your client looks up its own public key by phone number, it sees a 
hash chain connecting that association to the global witness hash, and 
knows that client it is talking to sees the same public key.  Clients 
upload and download public keys at infrequent intervals without human 
intervention.

This works fine with phones, since people assume one phone number per 
physical phone.  Phone forwarding systems are assumed to forward from 
one phone number/physical device to another phone number physical 
device. Not so fine with email addresses. Just have to give people the 
option

'Your emails are currently encrypted so that they can only be read on 
the following physical devices ...

"Add current device to list for future emails?"

"Edit list of devices that are empowered to decrypt your email?"

Which interface is likely to confuse and irritate them.

And if you lose or damage the physical device that currently holds all 
your old emails and you have not backed it up recently, thus losing all 
your old emails and the secret key that can decrypt them - that could be 
very handy if an investigation is coming up.