On Mon, Mar 23, 2009 at 7:27 PM, Eddy Nigg <eddy_n...@startcom.org> wrote:
> On 03/24/2009 04:09 AM, Ian G:
>> This would then mean that on adding an email account into Tbird, it
>> automatically creates the public key pair. On each email sent out, it
>> includes the public key in a header. On each email received, it grabs out
>> any public key sent and stores it in the address book. On every email going
>> out, it sends it encrypted to that person.
>
> One thing I'm missing... where does the email control validation come in?

This is where you get to upsell your service. Once a public key goes out, you
can encrypt something specifically *to* it, and then only the private key
holder can decrypt it. If they decrypt it and you send it only to that email
address, you know that the holder of the private key can read from that
mailbox. Otherwise, it's handled like key-continuity management.

>> Assuming S/MIME, as above. Create the key pair as above. Wrap it into
>> its cert. Deliver the cert into the headers. Cache the things.
>
> Almost good. But we could easily put the CAs into the loop, the same way big
> mail providers receive a special treatment in the UI too... Perhaps we need
> to talk to David about it...
>
> I think there are enough formidable CAs, all of which offer no-cost email
> certs. It would be possible to use them and have the user make a selection.
> It could be as easy as it possibly could get for this purpose.

Why are you making the assumption that only a single email certificate is
worthwhile or even desirable? (What if one of the roots is yanked?) Why do
you even think that making a choice like this is something that will make
the user happier?

Why not simultaneously send certification requests to all of the CAs that
Tbird supports without having to have the user make a selection of which
one? (Certainly, give the user a choice as to whether to do it, but also
mention that it's recommended that they go through this step to show that
they actually have control over the email address they're claiming.)

Make some kind of automated certificate request protocol (this is the CAs'
job to push through PKIX, by the way) to request class-1 validation of a
given email address that Thunderbird has already verified that it can log
into. This way, you don't have to trust the email program: you only receive
an email address and a public key, you send a specially-formatted message
to the email address that Thunderbird can auto-parse, have it decrypt the
thing with the private key, send another request with the same email
address and the encrypted nonce, and have it deliver the certificate.

-Kyle H

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
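The challenge-response enrollment sketched in the message above, as an added example that is not part of the original thread and is not code from Thunderbird, Mozilla or any CA. It is written against the Go standard library only: the CA side takes an address and a public key, encrypts a fresh nonce to that key, and issues a certificate only when the same address comes back with the decrypted nonce, which proves mailbox access and key possession together. The toy CA, the address alice@example.com and the fact that both sides run in one process (in practice the challenge travels as a mail message the client auto-parses) are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Challenge is what the CA mails to the claimed address: a fresh nonce encrypted to
// the public key sent in the request. Only a party that reads that mailbox AND holds
// the matching private key can recover the nonce.
type Challenge struct {
	Email     string
	Encrypted []byte
}

type openChallenge struct{ nonce []byte; pub *rsa.PublicKey }
// CA is a toy issuer (an assumption of this example): a self-signed root plus the
// table of unanswered challenges.
type CA struct {
	key     *rsa.PrivateKey
	Cert    *x509.Certificate
	pending map[string]openChallenge
}

// NewCA generates a self-signed root that may sign end-entity certificates.
func NewCA() (*CA, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy Email CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CA{key: key, Cert: cert, pending: map[string]openChallenge{}}, err
}

// Request is the client's first message: claimed address plus public key. The CA
// trusts neither yet; it returns a challenge the client must obtain from that mailbox.
func (ca *CA) Request(email string, pub *rsa.PublicKey) (Challenge, error) {
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand.Read never returns an error since Go 1.24
	// The address is the OAEP label, so a ciphertext made for one address is not a
	// valid answer to a request for another.
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(email))
	if err != nil {
		return Challenge{}, err
	}
	ca.pending[email] = openChallenge{nonce: nonce, pub: pub}
	return Challenge{Email: email, Encrypted: enc}, nil
}

// Answer is the client side: the mail client parses the challenge it finds in the
// inbox and decrypts it with the private key behind the enrolled public key.
func Answer(ch Challenge, priv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ch.Encrypted, []byte(ch.Email))
}

// Issue is the client's second message: same address plus the recovered nonce. A match
// proves mailbox access and key possession at once, so the CA signs a certificate
// that names the address in its Subject Alternative Name extension.
func (ca *CA) Issue(email string, nonce []byte) (*x509.Certificate, error) {
	p, ok := ca.pending[email]
	delete(ca.pending, email) // one attempt per challenge, whether or not it matches
	if !ok || subtle.ConstantTimeCompare(p.nonce, nonce) != 1 {
		return nil, errors.New("no matching challenge for " + email)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // toy serial; real CAs use random ones
		Subject:      pkix.Name{CommonName: email}, EmailAddresses: []string{email},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, p.pub, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	ca, _ := NewCA()
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // the mail client's own key pair
	ch, _ := ca.Request("alice@example.com", &priv.PublicKey)
	nonce, _ := Answer(ch, priv)
	cert, err := ca.Issue("alice@example.com", nonce)
	fmt.Println(err, cert.EmailAddresses, cert.CheckSignatureFrom(ca.Cert))
}
```

Two details carry the security argument: the challenge is consumed on the first Issue call whether or not it matches, so a captured answer cannot be replayed and a guess cannot be retried against the same nonce, and the claimed address is bound into the OAEP label, so a challenge mailed to one address is not an answer to a request naming another.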