STEED - Usable end-to-end encryption

Peter Lebbing peter at digitalbrains.com
Wed Oct 19 21:30:48 CEST 2011


Werner, Marcus,

Thank you for thinking about taking end-to-end e-mail encryption to the next
level. I really like your ideas.

However, I think you're not ambitious enough when you opt for using DNS for key
distribution. Yes, the infrastructure and RR types[1] are already there. But it
brings this nasty dependency on the provider. Because the part of the client
updates to the DNS is a key missing part in the DNS infrastructure as today, and
I don't see providers adding that soon.

I'm thinking more of things like DHT, Distributed Hash Tables, in BitTorrent, or
similar concepts in other peer-to-peer networks. I have no idea how it works :),
but it does. You fire up your BitTorrent, all the data it needs is the hash of a
torrent file, and suddenly it learns IP-addresses of other people who share that
torrent file. If you could do something similar for mapping e-mail addresses to
certificates, you don't need ISP's to implement extra stuff. Because I think
that is a really major hurdle; probably a too steep one, IMHO.

And if you design that infrastructure general enough to do X-to-certificate, we
could use the same infra for opportunistic end-to-end encryption of TCP/IP,
which would be great to have too, but a different paper altogether :).

Peter.

[1] "Entries" in the DNS, for people not up to DNSpeed ;)
-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt



More information about the Gnupg-users mailing list