Werner, Marcus,

Thank you for thinking about taking end-to-end e-mail encryption to the next level. I really like your ideas.

However, I think you're not ambitious enough when you opt for using DNS for key distribution. Yes, the infrastructure and RR types[1] are already there. But it brings this nasty dependency on the provider, because client updates to the DNS are a key missing part of the DNS infrastructure as of today, and I don't see providers adding that soon.

I'm thinking more of things like DHTs, Distributed Hash Tables, in BitTorrent, or similar concepts in other peer-to-peer networks. I have no idea how it works :), but it does. You fire up your BitTorrent client; all the data it needs is the hash of a torrent file, and suddenly it learns the IP addresses of other people who share that torrent file. If you could do something similar for mapping e-mail addresses to certificates, you don't need ISPs to implement extra stuff. I think that is a really major hurdle; probably too steep a one, IMHO.

And if you design that infrastructure general enough to do X-to-certificate, we could use the same infra for opportunistic end-to-end encryption of TCP/IP, which would be great to have too, but a different paper altogether :).

Peter.

[1] "Entries" in the DNS, for people not up to DNSpeed ;)

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
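The DHT idea sketched in the post above, as an added example that is neither the post's code nor from any project it mentions: a simulated Kademlia-style table (SHA-1 key, XOR distance, iterative lookup, the same structure BitTorrent uses for trackerless peer discovery) that stores and retrieves an address-to-certificate-fingerprint mapping without any provider in the path. The network, the addresses and the fingerprint are constructed; `K`, `build_network` and `demo` are names chosen here.

```python
import hashlib
import random

# Added example (not the original post's code): a toy Kademlia-style DHT, the idea
# behind BitTorrent's trackerless lookup, mapping e-mail addresses to cert fingerprints.
K = 3  # bucket size and replication factor

def key_for(email: str) -> int:  # SHA-1 of the address, as BitTorrent hashes torrents
    return int.from_bytes(hashlib.sha1(email.lower().encode()).digest(), "big")

class Node:
    def __init__(self, node_id: int):  # node ids share the 160-bit key space
        self.id, self.store, self.table = node_id, {}, []  # table: known peers

    def closest(self, key: int):  # K known nodes (self included) XOR-closest to key
        return sorted([self] + self.table, key=lambda n: n.id ^ key)[:K]

def lookup(start: Node, key: int):  # iterative lookup: query until K-best set is stable
    best, asked = start.closest(key), set()
    while pending := [n for n in best if n.id not in asked]:
        asked.add(pending[0].id)
        merged = {m.id: m for m in best + pending[0].closest(key)}
        best = sorted(merged.values(), key=lambda m: m.id ^ key)[:K]
    return best  # every starting node converges on the same closest node

def publish(start: Node, email: str, cert_fpr: str) -> None:
    key = key_for(email)
    for n in lookup(start, key):
        n.store[key] = cert_fpr  # the DHT itself records nothing about who stored this

def resolve(start: Node, email: str):
    key = key_for(email)
    return next((n.store[key] for n in lookup(start, key) if key in n.store), None)

def build_network(n: int = 40, seed: int = 7):  # constructed: K random peers per XOR bucket
    rnd = random.Random(seed)
    nodes = [Node(rnd.getrandbits(160)) for _ in range(n)]
    for a in nodes:
        buckets = {}
        for b in nodes:
            if b is not a:
                buckets.setdefault((a.id ^ b.id).bit_length(), []).append(b)
        a.table = [b for bk in buckets.values() for b in rnd.sample(bk, min(K, len(bk)))]
    return nodes

def demo():  # publish from one node, resolve from unrelated ones (constructed data)
    nodes = build_network()
    publish(nodes[0], "alice@example.org", "FPR-ALICE-CONSTRUCTED")
    queries = [(17, "alice@example.org"), (33, "Alice@Example.ORG"), (5, "nobody@example.org")]
    return [resolve(nodes[i], addr) for i, addr in queries]
```

What the simulation makes visible is the gap the post glosses over: the table only agrees on where a record lives, not on who was entitled to write it, so any real deployment needs the stored certificate to carry its own signature or be verified out of band, which is the role DNSSEC plays in the DNS design.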