[messaging] The Simple Thing
michael at briarproject.org
Fri Sep 26 07:14:57 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 25/09/14 09:48, Trevor Perrin wrote:
> Bouncing messages whenever Bob changes his key seems bad. Alice
> might send a message and then disconnect, so you can't count on her
> mail client to auto-resend, and the message might be lost or
> So Alice should probably confirm the key with the recipient's
> provider before sending a message. In which case Bob's email
> header doesn't need to list Bob's key, it just says "X-Lookup-Key:
> True", and Alice remembers that.
> Bob's server would get two connections per message (one from
> Alice, one from Alice's MTA). It would be nice if Alice could
> contact Bob's MTA once to confirm the key and send the message. I
> suppose that's feasible in a centralized system where the server
> handles spam by tracking reputations for Alice and Bob. But it
> doesn't seem feasible for email.
Using a separate connection to look up the key provides a nice
opportunity to route the lookup through an anonymity system. Bob can
anonymously look up his own key from time to time, and if his provider
supplies the wrong key he can switch to another provider and bitch to
his friends, some of whom may believe him. No public consensus on the
truth of Bob's claims is required.
On receiving the message from Alice, Bob's provider will realise who
made the anonymous lookup, but by then it will be too late to supply
the wrong key.
The anonymity system could be Tor, or a special-purpose system in
which each encrypted mail provider operates a relay.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Messaging