[messaging] Axolotl for email
Wei Chuang
weihaw at gmail.com
Thu Jun 9 12:11:45 PDT 2016
Pardon the bug in the initial message. D-E is supposed to be D-H =)
-Wei
On 9 June 2016 at 11:16, Wei Chuang <weihaw at gmail.com> wrote:
> Hi all,
>
> Would it make sense to apply Axolotl for email encryption? While the
> protocol allows the D-E exchanges to be asynchronous, the main remaining
> issue is the initial D-E exchange setup. TextSecure uses pre-keying, but
> that likely has challenges for email as there isn't a standard directory
> service for email. Are other approaches possible? Would it be possible to
> use existing PKI (X.509 or PGP based) to transmit the initial D-E key with
> integrity?
>
> If that can be overcome, I see the following advantages (and please
> correct me if I'm wrong):
> 1) Perfect forward and backwards secrecy makes key loss much less
> important. So much so that much of the worry about key revocation goes
> away.
> 2) Message processing needs only be a single pass authenticated encryption
> encrypt/decrypt that provides both privacy and integrity. S/MIME and PGP
> would have to do two passes and would have weaknesses as described here:
> http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
>
> Assuming that it does make sense, is there standardization work for Axolotl
> for email encryption? I've read about the OMEMO for XMPP that is related.
> If so, who is a contact for the Axolotl email standardization work?
>
> thanks,
> -Wei
>
>
>