[Dev] Automatic secure email
Andy Hertzfeld
andy at differnet.com
Wed Nov 6 20:42:07 PST 2002
Hi Aaron,

Thanks for the Brad Templeton link. I hadn't seen it, but I'll
try to follow up with him since he definitely is thinking along the same
lines.

As I was working out the details, I thought about the possibility
of including the public key (or a hash/URL) in the header of every
message that you send, but ultimately I decided that the proposed scheme
was stronger, for the following reasons:

1. The full public key is kind of bulky to include in short
messages, and the hash/URL approach requires the user to have access to
a server, and the ability to set it up, which we can't count on.

2. There are multiple existing cryptographic algorithms and formats;
it would be nice to be able to support as many as we can, including ones
not yet defined. Not every client will support every format. If
different keys are necessary for different schemes, it would be silly to
put them all in every message you send.

3. The email round-trip (requesting a profile from a client, then
receiving it via email) adds an additional level of security, since it's
relatively hard to intercept someone's email, compared to sending a
message with fake headers.

4. It's nice to have the non-crypto part of the profile (what
MIME types you accept, and perhaps other APIs supported by the client,
including SOAP over email); it wouldn't make sense to include an
elaborate profile in every message.

-- Andy