Hi Heikki,

> I agree, and in fact there is some relevant prior art/code to get
> started. Gaim has an encryption plugin that uses NSS. The plugin can
> generate a certificate for you when you start. Then when you get sent an
> encrypted message, it checks if you have conversed with that peer cert
> before, and if not, will ask the user. From there on, as long as the
> cert your peer presents to you remains the same things just happen
> automatically.

How does the 1st encrypted message get sent? How does the cert get sent? User action? Hints in received messages?

> A thing to be cautious about with automatically generating a certificate
> and perhaps automatically signing all messages (and encrypting when
> possible) is that sometimes you want to remain anonymous (sending mail
> through anonymizers etc.) In those cases sending even one supposedly
> anonymous message as signed message can be a disaster. Might be better
> to err on not signing by default, and sign+encrypt by default when
> corresponding with a peer whose cert you have.

It all depends on what you mean by signing. If signing reveals any more than "this message came from this cert" then yes, that's an issue. If it is simply a message authentication code, then how do you intend to authenticate the messages without signing?

My view would be to drop signing as being an available operation of human meaning. I.e., do it transparently if at all, for purposes of tying the message to the source cert identity, only. If a "human meaning signature" feature is required, add that over the top of the protocol, at the application level.

Having said that, simply dropping the authentication entirely and encrypting without any auth technique would be an entirely valuable thing. It's still wonderfully more secure than plain text email, and experience from the OpenPGP email community (which could be considered substantial) is that any active attacks on email users would seem to be remote and optional, even in the face of known attacks. I.e., leave all sigs for another day if one strikes difficulties. Message source and integrity checks should be a nice to have.

As to your comment on anonymous email - I'd suggest this is a specialist requirement. Don't include anything in there that might lead us down a blind alley. Most people most of the time do not want or need to send anonymous email. Let's not break the app for the majority just to please the anarchists.
(speaking as one of the latter, myself :-) .

iang
