Anders Rundgren wrote:
Ian,
I hope you don't mind but I limit my response to a single core topic.

:)

So from this, I gather you want:  scalability + distribution.

Absolutely.

Do you want no center(s) at all?

I want each organization/domain entity that can afford an SSL certificate to
become a virtual CA and run their own secure messaging center.  Based on
the SSL certificate they can use whatever issuance policies they feel comfortable
with as long as they keep inside of their "PKI sandbox" which is (by the not
yet defined application), constrained regarding subject naming-schemes.


OK, so if we intersect that with my interests (how to add chat to Tbird) then the idea might be to write:

   a Tbird plugin CA with some limited functionality:
      receive requests with keys over email
      issue cert over key from a superior cert, if in domain
      distro the cert (over email?) to the identities

   a Tbird plugin chat client that:
      creates a key
      sends and receives the request/cert
      sends out and receives chat messages.

Hmmm... Needs work :) I wonder if we wouldn't just be better off doing something like writing a chat client that creates and uses its keys, but leaves them "unauthenticated"? Trying to get all that theoretical authentication going seems beyond the effort most people will expend in order to just chat.


This is BTW, how I believe secure e-mail should have been from the beginning;
secured at the domain-level.  Although that doesn't technically stop people from
sending out viruses, spam, or similar, it at least makes it much less attractive because
the domain owner would terminate you if it gets too many complaints.  Currently
ISPs typically do not even authenticate SMTP requests, since there is no point,
because you can "reuse" whatever domain you want and most of the time the mails
get through.


How would the domain owner terminate you? The problem with spam is that even if only a few still get through, it works. It would seem that this idea would rest on every other mail server in the world behaving nicely, which isn't reality in the mail world.

For my vision of how secure e-mail could work: the Tbird creates a key, self-signs it, turns on digsiging + key distro always, and starts sending encrypted email as soon as it has your key.

Of course, this is unauthenticated. So an additional optional extra for the concerned user is to click a button, select a CA, and go off and turn the self-signed cert into a CA-signed cert. If so desired.

Just my thoughts.

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
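
The "PKI sandbox" discussed in this thread leaves the subject naming scheme undefined. The sketch below is an added example, not code from either poster or from Thunderbird: it assumes the constraint is "mailbox names at the CA's own domain or a subdomain of it" and shows the whole-label comparison a domain CA would need before issuing. The function names and sample addresses are hypothetical.

```python
# Added illustration, not code from the thread. Assumed policy: a domain CA
# may certify only mailbox names at its own domain or a subdomain of it.

def _labels(name):
    """Lower-case, drop one trailing dot, return DNS labels or None if malformed."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    for label in labels:
        # Letters, digits and hyphen only; rejects empty labels and wildcards.
        ok = 0 < len(label) <= 63 and all(
            c.isascii() and (c.isalnum() or c == "-") for c in label)
        if not ok or label[0] == "-" or label[-1] == "-":
            return None
    return labels


def in_sandbox(ca_domain, requested_email):
    """True if requested_email falls inside the CA's naming sandbox."""
    ca = _labels(ca_domain)
    if ca is None or len(ca) < 2:
        return False  # never treat a bare TLD as a sandbox
    local, sep, domain = requested_email.rpartition("@")
    if not sep or not local or "@" in local:
        return False  # missing or ambiguous mailbox part
    req = _labels(domain)
    if req is None or len(req) < len(ca):
        return False
    # Compare whole labels from the right, so "evilexample.com" and
    # "example.com.attacker.test" do not match "example.com".
    return req[-len(ca):] == ca


def triage(ca_domain, requests):
    """Split requested names into (issue, refuse) lists."""
    issue = [r for r in requests if in_sandbox(ca_domain, r)]
    refuse = [r for r in requests if r not in issue]
    return issue, refuse


# Constructed sample requests for a hypothetical CA at example.com.
SAMPLE = [
    "alice@example.com", "bob@mail.Example.COM.", "carol@evilexample.com",
    "dave@example.com.attacker.test", "eve@example.com@other.test", "frank@com",
]
```

Calling `triage("example.com", SAMPLE)` accepts only the first two names; a plain `endswith("example.com")` test would also have accepted the `evilexample.com` request.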
