Anders Rundgren wrote:
Ian,
I hope you don't mind but I limit my response to a single core topic.
:)
So from this, I gather you want: scalability + distribution.
Absolutely.
Do you want no center(s) at all?
I want each organization/domain entity that can afford an SSL certificate to
become a virtual CA and run their own secure messaging center. Based on
the SSL certificate they can use whatever issuance policies they feel
comfortable
with as long as they keep inside of their "PKI sandbox" which is (by the not
yet defined application), constrained regarding subject naming-schemes.
OK, so if we intersect that with my interests (how to add chat to Tbird)
then the idea might be to write:
a Tbird plugin CA with some limited functionality:
receive requests with keys over email
issue cert over key from a superior cert, if in domain
distro the cert (over email?) to the identities
a Tbird plugin chat client that:
creates a key
sends and receives the request/cert
sends out and receives chat messages.
Hmmm... Needs work :) I wonder if we wouldn't just be better off doing
something like writing a chat client that creates and uses its keys, but
leaves them "unathenticated"? Trying to get all that theoretical
authentication going seems beyond the effort most people will expend in
order to just chat.
This is BTW, how I believe secure e-mail should have been from the beginning;
secured at the domain-level. Although that doesn't technically stop people from
sending out viruses, spam, or similar, it at least makes it much less
attractive because
the domain owner would terminate you if it get too many complaints. Currently
ISPs typically do not even authenticate SMTP requests, since there is no point,
because you can "reuse" whatever domain you want and most of the time the mails
get through.
How would the domain owner terminate you? The problem with spam is that
even if only a few still get through, it works. It would seem that this
idea would rest on every other mail server in the world behaving nicely,
which isn't reality in the mail world.
For my vision of how secure e-mail could work: the Tbird creates a key,
self-signs it, turns on digsiging + key distro always, and starts
sending encrypted email as soon as it has your key.
Of course, this is unauthenticated. So an additional optional extra for
the concerned user is to click a button, select a CA, and go off and
turn the self-signed cert into a CA-signed cert. If so desired.
Just my thoughts.
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
