Bram Cohen wrote:
>What we really need is a system which just stops passive attacks. The best
>idea I've come up with so far is for all outgoing messages to have a
>public key attached, and if you have the public key of an email address
>you're sending to, you use it.
Indeed -- this is one of the current advantages of S/MIME over OpenPGP.
Absolutely no reason why any PGP implementation shouldn't do it. This also
allows you to do perfect forward secrecy: generate new short-life encryption
key pairs for each message, sign the public key with your longer-lived
signature key, and include it in your message for the reply. See
http://www.ietf.org/internet-drafts/draft-brown-pgp-pfs-01.txt for an attempt
by Adam Back, Ben Laurie and myself to standardise this and other PFS
techniques for OpenPGP.
>The worst that could really happen is that I lose my key info, construct
>new stuff, and next time Russ sends me mail I respond 'sorry, but I lost
>my old private key, please send that last message again'.
A nice touch in a mailer would be to store sent messages in an "in transit"
folder until a signed receipt is received, either in an individual receipt
message or piggy-backed onto the reply, to help with this and other problems.
>The only real
>gotcha is that the first message is unencrypted, and that's not a big
>deal, especially when you know about it and always send a 'checking to
>make sure I got your address right' message to start things off.
Right. And we could all start putting our public keys into the DNS -- do NAI
have any plans to put that functionality into their software (e.g. allow the
key manager to communicate with an agent running on your local authoritative
nameserver)?
Including your public signature key in signed messages also solves a
gotcha with distributed keyserver systems: reverse lookup of keys by keyID.
Ian :0)
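The per-message forward-secrecy scheme Ian describes (a short-lived encryption key pair generated for each message, its public half signed by the long-lived signature key and carried in the message for the reply), written up as an added example that is not from the thread or the draft. It assumes Ed25519 for the long-lived signature key and X25519 for the ephemeral keys, with SHA-256 over the shared secret as the message key; the draft itself specifies OpenPGP packet formats, not these primitives.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedEphemeral travels in a message: a short-lived X25519 public key plus the sender's long-lived Ed25519 signature over it.
type SignedEphemeral struct{ Pub, Sig []byte }

// NewEphemeral makes a per-message X25519 key pair and signs its public half.
func NewEphemeral(signPriv ed25519.PrivateKey) (*ecdh.PrivateKey, SignedEphemeral) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pub := priv.PublicKey().Bytes()
	return priv, SignedEphemeral{Pub: pub, Sig: ed25519.Sign(signPriv, pub)}
}

// DeriveKey verifies the peer's signature over its ephemeral key, then derives
// a 32-byte message key via X25519; deleting ephemeral private keys after use gives PFS.
func DeriveKey(mine *ecdh.PrivateKey, theirs SignedEphemeral, peerSignPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(peerSignPub, theirs.Pub, theirs.Sig) {
		return nil, fmt.Errorf("ephemeral key not signed by the peer's identity key")
	}
	theirPub, err := ecdh.X25519().NewPublicKey(theirs.Pub)
	if err != nil {
		return nil, err
	}
	shared, err := mine.ECDH(theirPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

func main() {
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader) // long-lived identity keys (constructed here)
	bPub, bPriv, _ := ed25519.GenerateKey(rand.Reader)
	ephA, msgA := NewEphemeral(aPriv)      // attached to A's first message
	ephB, msgB := NewEphemeral(bPriv)      // attached to B's reply
	keyB, _ := DeriveKey(ephB, msgA, aPub) // B encrypts its reply under keyB
	keyA, _ := DeriveKey(ephA, msgB, bPub) // A decrypts with ephA, then discards ephA
	fmt.Printf("A: %x\nB: %x\n", keyA, keyB)
}
```

Both sides end up with the same key while only the two ephemeral private keys can reproduce it; an ephemeral key signed by the wrong identity, or altered in transit, fails the signature check before any ECDH is done.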