[messaging] Axolotl for email
Wei Chuang
weihaw at gmail.com
Thu Jun 9 11:16:02 PDT 2016
Hi all,

Would it make sense to apply Axolotl for email encryption? While the
protocol allows the D-E exchanges to be asynchronous, the main remaining
issue is the initial D-E exchange setup. TextSecure uses pre-keying, but
that likely has challenges for email as there isn't a standard directory
service for email. Are other approaches possible? Would it be possible to
use existing PKI (X.509 or PGP based) to transmit the initial D-E key with
integrity?

If that can be overcome, I see the following advantages (and please correct
me if I'm wrong):

1) Perfect forward and backwards secrecy makes key loss much less
important. So much so that much of the worry about key revocation goes
away.

2) Message processing needs only be a single pass authenticated encryption
encrypt/decrypt that provides both privacy and integrity. S/MIME and PGP
would have to do two passes and would have weaknesses as described here:
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

Assuming that it does make sense, is there standardization work for Axolotl
for email encryption? I've read about the OMEMO for XMPP that is related.
If so, who is a contact for the Axolotl email standardization work?

thanks,
-Wei