Tien Tuan Anh Dinh wrote:
Essentially, in order to have privacy, all your emails, both incoming and outgoing, should be encrypted. You therefore have to exchange encryption keys with the recipients for every email you send to or receive from them. This process (key exchanging) is normally done by establishing a direct connection between sender and receiver (a peer-to-peer connection).

You don't need to exchange session keys every time: you only need to exchange public key fingerprints when you exchange email addresses. Obviously that can't be done over email, there's a bootstrapping problem, but people seem to manage in practice. ;-)

You don't even need to exchange the entire public key, because the fingerprint is the cryptographic hash of the key, so you can attach the full key to your first message and the recipient can use your fingerprint to verify it.

The session keys can then be derived from the sender and recipient's public keys using station-to-station key agreement (which, unlike Diffie-Hellman, resists man-in-the-middle attacks if you know the other party's key fingerprint, so a direct p2p connection is not necessary).

This is all standard stuff, the technology has been available for years, so why don't people encrypt their email? I'd have to agree with the people who've pointed to usability, but I wonder whether it isn't also a matter of network effects: it's not worth encrypting your email until most of your friends do. That suggests that persuading people to encrypt their email will be at least as hard as persuading them to adopt a new method of communication that's secure by default.

Cheers,
Michael
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
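
Added example, not part of the original message: a sketch of the flow described above, where the fingerprint is exchanged together with the email address and the full key attached to the first message is checked against it. It assumes the fingerprint is the hex SHA-256 of the encoded key bytes (OpenPGP computes fingerprints differently); the `Contacts` class, addresses and key bytes are constructed for illustration.

```python
import hashlib

HEX_LEN = 64  # full SHA-256 digest in hex; shorter (truncated) values are refused


def fingerprint(public_key: bytes) -> str:
    """Fingerprint = cryptographic hash of the encoded key (assumed: SHA-256)."""
    return hashlib.sha256(public_key).hexdigest()


def normalize(fp: str) -> str:
    """Drop the spaces/colons people add when writing a fingerprint down."""
    cleaned = "".join(c for c in fp.lower() if c not in " :-\t\r\n")
    if len(cleaned) != HEX_LEN or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a full 64-hex-digit fingerprint")
    return cleaned


class Contacts:
    def __init__(self):
        self.fingerprints = {}  # address -> fingerprint exchanged out of band
        self.keys = {}          # address -> full key, stored only once verified

    def add_contact(self, address: str, fp: str) -> None:
        # Done when addresses are exchanged, over a channel other than email.
        self.fingerprints[address] = normalize(fp)

    def receive_key(self, address: str, attached_key: bytes) -> bool:
        # Called for the key attached to a contact's first message.
        expected = self.fingerprints.get(address)
        if expected is None:
            return False  # no out-of-band fingerprint: nothing to verify against
        if fingerprint(attached_key) != expected:
            return False  # key was substituted in transit, or the wrong key was sent
        self.keys[address] = attached_key
        return True


# Constructed sample data (not real keys).
ALICE = "alice@example.org"
ALICE_KEY = b"constructed-public-key-bytes-for-alice"
FORGED_KEY = b"constructed-public-key-bytes-for-someone-else"

if __name__ == "__main__":
    book = Contacts()
    book.add_contact(ALICE, fingerprint(ALICE_KEY))
    print("forged key accepted: ", book.receive_key(ALICE, FORGED_KEY))
    print("genuine key accepted:", book.receive_key(ALICE, ALICE_KEY))
```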