On 17/09/2014, grarpamp <grarp...@gmail.com> wrote:
> Putting keys into some_encod...@example.com might cover
> some bases related to offline key lookup and message validation.
> Most user and system mail tools would need changes to handle
> string width and keytype, addressbooks updated, etc. Totally burying
> OpenPGP, passphrase and key lookup/use behind a fully integrated
> MUA GUI for grandma would work just as similarly well right now today
> with no such encoding.
>
> But in the end, all you're doing is covering the message body, and in
> today's world that's clearly not enough. No one's yet solving the huge
> issues with leaving mail exposed to what is essentially
> open-for-all-to-inspect central storage and mail routing. The "who's IP
> talking to who", "From To Subject, daemon headers, etc" metadata, when,
> how much/often, provider logs, someone sending you unencrypted mail,
> you giving up your private keys to the provider or running blobs they
> provide to you, etc. This is all unfixable with traditional "Email"
> models.

I think the metadata issue is really interesting, and I'm interested in
what various schemes (P2P, Dark mail alliance, etc) are doing about it.
But I think you and I are talking about different problems: your main
concern (which is a valid one!) is that encrypted emails still expose
metadata, whereas my concern is the fact that hardly anybody is
currently able to use email encryption at all! I think both concerns
are fair, and both are worth trying to solve.

Henry
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography