begin quoting Bob La Quey as of Thu, Jan 25, 2007 at 07:54:18AM -0800:
> Unfortunately "if everyone only" arguments rarely lead to
> practical solutions.
 
This is true.

> I can see a lot of ways to do it within an essentially closed
> but extensible network e.g. friends. Doing it in a universally
> accessible way though is a bit more of a puzzle.

Yup.

> OK, how about this (not perfect but it may be good enough)
> Offer a web mail service via HTTP over SSL. All access to the
> service must be through a network of these mail portals. The
> inter-server communications streams are all encrypted.

Well, that's crunchy on the outside, but with a big, soft,
chewy center.  All those trusted machines are a vulnerability.

Current solutions -- encrypt with PKI or gpg or somesuch -- work
well for point-to-point, because there are fewer trusted machines
in the path.

The downside of point-to-point encryption is that it makes
archiving email difficult.  If you forget your passphrase
to your key, that email archive is so much dead data.

Whoops.

...

So what sort of attacker(s) are we looking to defend ourselves
from, and what sort of inconvenience are we willing to go through
to get it?

> Just thinking aloud. I need to go learn a little more about
> http over ssl.

Or set up alternate SMTP servers to communicate (via stunnel or
somesuch) only with the other trusted machines, and continue to
use the existing tools.

-- 
Fun problem, eh?
Stewart Stremler

