Jim Dixon wrote:
This scenario won't work with Google in the
middle, since sender and receiver must communicate directly to each
other to exchange keys <--> Peer to Peer connection.

Don't understand this at all.  You originally said that Google "won't
be very happy with that" and that is what I responded to.  Google
doesn't care at all about your sending encrypted text.

Your remark above about the scenario not working with Google in the middle
is difficult to understand.
Sorry for my poor description. Let me try again. Essentially, in order to have privacy, all your emails, both incoming and outgoing, should be encrypted. You therefore have to exchange encryption keys with the recipients for every email you send to or receive from them. This process (key exchanging) is normally done by establishing a direct connection between sender and receiver (a peer-to-peer connection).

Of course it will work with Google in the middle.  It will work just as
well as it would be any other communications channel.  If you put your
keys (in clear) in the same envelope as your encrypted message, Google
will very happily accept them.  It's a bit mad, though.
You suggested that the sender could encrypt (content of) the email with a key K, then attach K along with the message (in plain text) and send it to Gmail server to deliver. But the whole point is to hide your message from Google/Gmail.

What I can think of is software that is built on top of Gmail and in charge of exchanging keys.

What wouldn't be mad at all is doing the usual DH handshaking dance
through gmail.  It might be slow, but it would be very secure.  My
guess is that it would take a couple of dozen lines of Perl, plus
Crypt::DH and a few other modules from CPAN.  If it doesn't exist
already, I could do it over coffee on the weekend ;-)
What's DH handshaking?


Regards,
Anh
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
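
The DH handshake through a mail provider that the thread mentions, as an added example that is not part of the original messages; the thread names Perl and Crypt::DH, while this sketch uses only the Python standard library. The `DH1` message format, the party names, and the SHA-256 key and fingerprint derivation are assumptions made for illustration.

```python
import hashlib
import secrets

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

class Party:
    def __init__(self, name):
        self.name = name
        self._x = secrets.randbelow(P - 3) + 2  # private exponent, never mailed
        self.pub = pow(G, self._x, P)

    def handshake_mail(self):
        # Body sent through the provider: the public value only.
        return f"DH1 {self.name} {self.pub:x}"

    def finish(self, mail):
        tag, _peer, hexval = mail.split()
        y = int(hexval, 16)
        if tag != "DH1" or not 2 <= y <= P - 2:  # reject 0, 1, P-1 and beyond
            raise ValueError("rejected handshake message")
        secret = pow(y, self._x, P).to_bytes(256, "big")
        lo, hi = sorted((self.pub, y))
        transcript = lo.to_bytes(256, "big") + hi.to_bytes(256, "big")
        key = hashlib.sha256(b"key" + secret + transcript).digest()
        fpr = hashlib.sha256(b"fpr" + transcript).hexdigest()[:16]
        return key, fpr  # compare fpr out of band before trusting key

def run_exchange():
    relay = []  # constructed stand-in for the mailbox the provider can read
    alice, bob = Party("alice"), Party("bob")  # hypothetical parties
    relay.append(alice.handshake_mail())
    relay.append(bob.handshake_mail())
    return relay, alice.finish(relay[1]), bob.finish(relay[0])
```

The relay holds only the two public values, from which the shared key cannot be computed directly. The exchange by itself does not prove who sent each public value, which is why both sides compare the fingerprint over a separate channel.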