Open Source Applications Foundation

[Dev] Automatic secure email

Andy Hertzfeld Wed, 06 Nov 2002 20:42:07 -0800


Hi Aaron,

        Thanks for the Brad Templeton link, I hadn't seen it but I'll 
try to follow up with him since he definitely is thinking along the same 
lines.

       As I was working out the details, I thought about the possibility 
of including the public key (or a hash/URL) in the header of every 
message that you send, but ultimately I decided that the proposed scheme 
was stronger, for the following reasons:

  1.  The full public key is kind of bulky to include in short 
messages, and the hash/URL approach requires the user to have access to 
a server, and the ability to set it up, which we can't count on.

  2.  There are multiple existing cryptographic algorithms and formats; 
it would be nice to be able to support as many as we can, including ones 
not yet defined.  Not every client will support every format.  If 
different keys are necessary for different schemes, it would be silly to 
put them all in every message you send.

  3.  The email round-trip (requesting a profile from a client, then 
receiving it via email) adds an additional level of security, since it's 
relatively hard to intercept someone's email, compared to sending a 
message with fake headers.

  4.  It's nice to have the non-crypto part of the profile (what 
mime-types you accept, and perhaps other APIs supported by the client, 
including SOAP over email); it wouldn't make sense to include an 
elaborate profile in every message.

-- Andy
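Added example, not from the message above and not OSAF code: a toy Python model of the email round-trip profile exchange Andy describes (points 2, 3 and 4). One client mails a profile request, the other answers with a profile listing its keys per scheme, the mime-types it accepts and the APIs it supports, and the requester checks the reply before trusting it. The header names (X-Profile-Request, X-Profile-Nonce), the JSON profile layout, the random nonce that ties the reply to the request, and the sample profile are all my assumptions; the original proposes none of these specifics.

```python
"""Toy model of an email round-trip profile exchange (added example).

Assumptions, all mine: the header names, the application/json profile
body, and the nonce used to bind a reply to the request that caused it.
"""
import json
import secrets
from email import policy
from email.message import EmailMessage
from email.parser import Parser
from email.utils import parseaddr

# Assumed header names; the original message names no headers.
REQUEST_HEADER = "X-Profile-Request"
NONCE_HEADER = "X-Profile-Nonce"

# Constructed sample profile. Key material is a placeholder string,
# not a real key; the layout is an assumption for this example.
SAMPLE_PROFILE = {
    "keys": {
        "openpgp": "PLACEHOLDER-OPENPGP-PUBLIC-KEY",
        "smime": "PLACEHOLDER-SMIME-CERTIFICATE",
    },
    "accepts": ["text/plain", "text/html"],
    "apis": ["soap-over-email"],
}


def build_profile_request(sender, recipient):
    """Client A asks client B for its profile. Returns (message, nonce).

    The fresh nonce is what later ties B's reply to this request."""
    nonce = secrets.token_hex(16)
    msg = EmailMessage(policy=policy.default)
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "profile request"
    msg[REQUEST_HEADER] = "1"
    msg[NONCE_HEADER] = nonce
    msg.set_content("Automatic profile request from a mail client.")
    return msg, nonce


def build_profile_reply(request, profile):
    """Client B answers with its profile as an application/json part,
    echoing the nonce it was sent."""
    reply = EmailMessage(policy=policy.default)
    reply["From"] = str(request["To"])
    reply["To"] = str(request["From"])
    reply["Subject"] = "Re: " + str(request["Subject"])
    reply[NONCE_HEADER] = str(request[NONCE_HEADER])
    reply.set_content(json.dumps(profile).encode("utf-8"),
                      maintype="application", subtype="json")
    return reply


def parse_profile_reply(raw, expected_from, expected_nonce):
    """Client A checks a received reply against the request it sent.

    Returns the profile dict, or None if any check fails. An unsolicited
    message carrying a key in its headers never passes: the nonce only
    exists because A asked, and only B's mailbox received it."""
    msg = Parser(policy=policy.default).parsestr(raw)
    _, sender = parseaddr(str(msg["From"] or ""))
    if sender != expected_from:
        return None
    if not secrets.compare_digest(str(msg[NONCE_HEADER] or ""), expected_nonce):
        return None
    if msg.get_content_type() != "application/json":
        return None
    try:
        profile = json.loads(msg.get_content().decode("utf-8"))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(profile.get("keys"), dict) or not profile["keys"]:
        return None
    return profile


def choose_scheme(profile, local_schemes):
    """Pick the first scheme, in local preference order, that the peer
    also published a key for. None means no common scheme exists."""
    for scheme in local_schemes:
        if scheme in profile["keys"]:
            return scheme
    return None


def run_exchange(local_schemes=("smime", "openpgp")):
    """Whole round trip in one call: request, reply, verify, pick a scheme."""
    request, nonce = build_profile_request("alice@example.com", "bob@example.com")
    reply = build_profile_reply(request, SAMPLE_PROFILE)
    profile = parse_profile_reply(reply.as_string(), "bob@example.com", nonce)
    return profile, (choose_scheme(profile, local_schemes) if profile else None)


if __name__ == "__main__":
    print(run_exchange())
```

The nonce check is the part that makes the round trip more than a convenience: a forged reply has to come from someone who both read the request out of the recipient's mailbox and sent mail back as that address, which is the property point 3 relies on.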