Okay, I'm sure there's some obvious reason this won't work, since it seems so obvious, and lots of people are working in this area, but it's keeping me awake, so may as well inflict it on others...
Goal: make encrypted email communication the norm.
Partial Problem: the need to register with key servers, and to work out which key-server-registered key belongs to which friend.
Partial Solution: distribute keys in-band, in the mail itself, rather than out of band, to provide opportunistic encrypted communication.
Concretely: every mail client generates or acquires a key for its user, and promiscuously advertises the public key in a header "x-please-encrypt" and a signature over the message in a header "x-signed" (or whatever). Every mail client also records the x-please-encrypt key seen for each address in its address book (and, of course, stored messages retain their x-please-encrypt headers).
Whenever we reply to an address (or send a message to an address-book record) for which we have seen an x-please-encrypt key, we use that key to send the message in encrypted form.
Now, when replying to an unencrypted message, there's a chance that a man-in-the-middle has replaced the key on the message (an attacker who can rewrite the key can also re-sign with it, so the signature alone does not catch this), but if you're worried about that, you can check the key against a key server or some other out-of-band mechanism.
When a message from a known address carries a different key, whether from an attacker or from a correspondent who has changed keys, we have a conflict, and can inform the user of the potential security issue so that they can verify identities and decide whether to accept the new key. Often, though, the user can simply use the old key to ask the other party whether they have changed keys or not.
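The client-side logic described above, as an added example that is not part of the original post: a sender puts its public key in x-please-encrypt and an ed25519 signature over the body in x-signed, and the receiver pins the first key it sees per address, encrypts replies only to pinned addresses, rejects a key that was swapped without re-signing, and flags (without overwriting) a key that conflicts with the pin. The header names, the use of ed25519, the fingerprint format and the example addresses are assumptions made here; the post does not specify any of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/mail"
	"strings"
)

// Header names taken from the post; assumed spelling, the post says "or whatever".
const (
	hdrKey = "X-Please-Encrypt"
	hdrSig = "X-Signed"
)

// Verdict is what the receiving client learns about the sender's key.
type Verdict int

const (
	Pinned     Verdict = iota // first message from this address: key recorded (trust on first use)
	Known                     // key matches the pin already held for this address
	KeyChanged                // key differs from the pin: warn the user, keep the old pin
)

func (v Verdict) String() string { return [...]string{"pinned", "known", "key-changed"}[v] }

// KeyStore maps a sender address to the ed25519 public key pinned for it
// (the post's "address book" record of x-please-encrypt keys).
type KeyStore map[string]ed25519.PublicKey

// Compose builds a raw RFC 5322 message advertising the sender's public key
// and a signature over the body, so the receiver can pin the key in-band.
func Compose(priv ed25519.PrivateKey, from, to, body string) string {
	pub := priv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(priv, []byte(body))
	return fmt.Sprintf("From: %s\r\nTo: %s\r\n%s: %s\r\n%s: %s\r\n\r\n%s",
		from, to,
		hdrKey, base64.StdEncoding.EncodeToString(pub),
		hdrSig, base64.StdEncoding.EncodeToString(sig),
		body)
}

// Receive parses a raw message, checks that X-Signed verifies under the key in
// X-Please-Encrypt, then applies trust-on-first-use against ks.
func Receive(ks KeyStore, raw string) (Verdict, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return 0, err
	}
	addr, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return 0, err
	}
	pub, err := base64.StdEncoding.DecodeString(msg.Header.Get(hdrKey))
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return 0, errors.New("missing or malformed " + hdrKey)
	}
	sig, err := base64.StdEncoding.DecodeString(msg.Header.Get(hdrSig))
	if err != nil {
		return 0, errors.New("malformed " + hdrSig)
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return 0, err
	}
	// A key swapped in transit without a matching re-signature fails here.
	if !ed25519.Verify(ed25519.PublicKey(pub), body, sig) {
		return 0, errors.New("signature does not verify under the advertised key")
	}
	pinned, seen := ks[addr.Address]
	switch {
	case !seen:
		ks[addr.Address] = ed25519.PublicKey(pub)
		return Pinned, nil
	case bytes.Equal(pinned, pub):
		return Known, nil
	default:
		return KeyChanged, nil // never overwrite silently; the user decides
	}
}

// CanEncryptTo reports whether a reply to addr can be encrypted opportunistically.
func CanEncryptTo(ks KeyStore, addr string) bool {
	_, ok := ks[addr]
	return ok
}

// Fingerprint is the short value a user would compare out of band
// (against a key server, or by phone) when a KeyChanged verdict appears.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

func main() {
	_, alice, _ := ed25519.GenerateKey(rand.Reader)
	bob := KeyStore{}
	v, err := Receive(bob, Compose(alice, "alice@example.org", "bob@example.org", "hi bob"))
	fmt.Println(v, err, CanEncryptTo(bob, "alice@example.org"), Fingerprint(bob["alice@example.org"]))
}
```

The KeyChanged branch deliberately leaves the old pin in place: the post's recovery path is to ask the correspondent under the old key whether they really rotated, which only works if the client has not already replaced it.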
The basic idea is that for opportunistic encryption we don't really need to worry about panopticon attacks (e.g. China), where every single x-please-encrypt header is rewritten to allow for monitoring. People in those circumstances are worried enough to use out-of-band verification. What we're looking at is simply providing a privacy conduit for the normal case of email communication among friends, relatives and colleagues.
The effect is to create pseudonymous identities bound up with the email address and the key used to send email. You can verify that an individual is the same individual you have been talking to, and continue to talk to them with some measure of privacy. There is the possibility that you've been talking to an impostor the entire time, but the guarantee of continuity still holds: it is the same impostor. Success relies on the relative lack of pervasive attacks to establish the regime, but if pervasive attacks were to become commonplace, you can imagine that individuals would likely become concerned enough to start worrying about encryption.
Well, now, maybe I can go to sleep...