On 03/24/2009 04:09 AM, Ian G:
>> instead I'm asking you, how would you
>> secure email
>
> OK, just quickly, coz we are way off topic.

You started the off-topic I think...

> Two caveats: Firstly, email is the clunkiest awfulest of
> communications apps

It's not relevant, albeit I might agree...but it's highly popular, and
if you look over at the TB mailing list there is a real buzzzzz going
on. A far cry from what it was two years ago...

> This would then mean that on adding an email account into Tbird, it
> automatically creates the public key pair. On each email sent out, it
> includes the public key in a header. On each email received, it grabs
> out any public key sent and stores it in the address book. On every
> email going out, it sends it encrypted to that person.

One thing I'm missing....where does the email control validation come in?

> Assuming S/MIME, as above. Create the key pair as above. Wrap it
> into its cert. Deliver the cert into the headers. Cache the things.

Almost good. But we could easily put the CAs into the loop, the same way
big mail providers receive a special treatment in the UI too...Perhaps
we need to talk to David about it...

I think there are enough formidable CAs, all of which offer no-cost
email certs. It would be possible to use them and have the user make a
selection. It could be as easy as it possibly could get for this purpose.

> Where it gets interesting with S/MIME is that once we eliminate the
> famous Assumptions, it starts to look more plausible. Adjust the GUI
> to display the status of the cert that is currently in question:
> don't punish the person for the wrong cert as currently done, but
> create a marketing step up to the CA-signed product. Add the
> keyservers, perhaps as a special for CAs.

The idea is good, there might be some problems with it....

> (BTW, I guarantee you that this will sell more certs. We might
> validly ask why this is not already done, because it will make a *lot*
> more money for some CAs. But that's way way offtopic :)

It's not, perhaps that's the key to a solution you are seeking.

--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
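
The caching step from the quoted proposal (take the key from a header, store it per sender, encrypt once one is known), as an added Python example that is not code from the thread or from Thunderbird. The header name `X-Sender-Key`, the `KeyCache` class and the sample messages are assumptions made for illustration; a key is only cached on first sight, not validated, and a different key for a known address is reported instead of replacing the stored one.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

KEY_HEADER = "X-Sender-Key"  # hypothetical header name, not a standard


class KeyCache:
    """Address-book cache: sender address -> fingerprint of the cached key."""

    def __init__(self):
        self._pins = {}

    def observe(self, raw_message):
        """Return (address, status); status is one of
        "no-key", "bad-key", "new", "match", "changed"."""
        msg = message_from_string(raw_message)
        addr = parseaddr(msg.get("From", ""))[1].lower()
        value = msg.get(KEY_HEADER)
        if not addr or value is None:
            return addr, "no-key"
        try:
            # Folded headers may contain whitespace; strip it before decoding.
            key = base64.b64decode("".join(value.split()), validate=True)
        except ValueError:
            return addr, "bad-key"
        if not key:
            return addr, "bad-key"
        fp = hashlib.sha256(key).hexdigest()
        pinned = self._pins.get(addr)
        if pinned is None:
            self._pins[addr] = fp  # first sight: cached, not validated
            return addr, "new"
        if pinned == fp:
            return addr, "match"
        # Different key for a known address: keep the old pin so the UI
        # can show the status and let the user decide.
        return addr, "changed"

    def can_encrypt_to(self, address):
        return address.lower() in self._pins


def sample_message(sender, key_bytes):
    """Build a constructed test message carrying key_bytes in the header."""
    b64 = base64.b64encode(key_bytes).decode()
    return f"From: {sender}\nTo: bob@example.org\n{KEY_HEADER}: {b64}\n\nhi\n"
```
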