Sixpack Encryption Email client

Eric Murray ericm at lne.com
Mon Nov 26 17:43:30 PST 2001


On Mon, Nov 26, 2001 at 05:12:38PM -0800, georgemw at speakeasy.net wrote:
> I gave a little bit of thought about what an encrypted email client 
> should look like for joe sixpack to use.  Here's how the DEFAULT
> behavior would work:
> 
> When you install the software, it generates a public-private key
> pair. It saves your private key right there on your hard disk
> unencrypted, no tricky passphrase to remember.  It then uploads
> your private key to some central server.

you meant uploads your public key to some central server.
 
> The software maintains a list of public keys, if you want to send
> mail to someone for whom you don't have a public key, it'll
> check the server for one. If you have a key for someone, it'll
> automatically encrypt. If you receive encrypted mail, it'll 
> automatically decrypt (and save the decrypted mail on your hard 
> drive). It'll have a little icon on a mail message indicating if
> it was encrypted, and there'll be an icon next to each name
> in the address book indicating if you have a key for that
> address, but for the most part it'll encrypt opportunistically
> and the user won't need to know or care if a message is
> encrypted or not.


I think that the Joe Sixpacks who would care enough to install
"secure" email would like to have some sort of feedback
that it's working, i.e. they need to unlock the private key with
a password.  Of course they'll choose a lame one, but that's
beside the point.

There's two sub-species of Sixpack-- the one I describe, and
those who don't know and don't care about secure email, which
is who you're talking about.

It's the "early adopter" Sixpacks I'm thinking of.  Once you get
enough of them, then someone will declare it an industry standard
and all the Sixpacks will get it, whether they know it or not.

I wrote something like what you're describing long ago, for a large
workstation maker.
Only this was a hack on sendmail to automagically encrypt/decrypt
mail between offices in foreign countries whose security services
were known to snoop on technology companies.  

> Personally, I think it'd be better if the sixpackers used this kind
> of encryption than no encryption at all, if I thought that people
> would use this kind of email client I would write it, it shouldn't
> be too hard since I could probably steal most of the code.

How about an add-on to MSIE or Netscape?  Either one has a pile
of crypto junk to call on.  Making it work with S/MIME might
be an easy way to do it.


Eric




