[messaging] Axolotl for email
weihaw at gmail.com
Thu Jun 9 11:16:02 PDT 2016
Would it make sense to apply Axolotl for email encryption? While the
protocol allows the D-E exchanges to be asynchronous, the main remaining
issue is the initial D-E exchange setup. TextSecure uses pre-keying, but
that likely has challenges for email as there isn't a standard directory
service for email. Are other approaches possible? Would it be possible to
use existing PKI (X.509 or PGP based) to transmit the initial D-E key with
If that can be overcome, I see the following advantages (and please correct
me if I'm wrong):
1) Perfect forward and backwards secrecy makes key loss much less
important. So much so that much of the worry about key revocation goes
2) Message processing needs only be a single pass authenticated encryption
encrypt/decrypt that provides both privacy and integrity. S/MIME and PGP
would have to do two passes and would have weaknesses as described here:
Assuming that it does make sense is there standardization work for Axolotl
for email encryption? I've read about the OMEMO for XMPP that is related.
If so, who is a contact for the Axolotl email standardization work?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging