On Fri, 2019-11-01 at 15:42 -0400, Tony Lane via Gnupg-users wrote: > On 10/29/19 8:33 PM, raf via Gnupg-users wrote: > > Hi, > > > > Sorry if this was mentioned before but I've just come > > across a novel approach to email encryption that > > doesn't do end-to-end encryption, but rather it > > encrypts email upon receipt so that an individual can > > encrypt the email that is stored in their IMAP account > > as it arrives without the need for every sender to > > encrypt and without the need for any service provider's > > involvement > > That doesn't sound very safe. My interpretation of the > goals of GPG is two server two purposes: > 1) To transmit data securely over an insecure medium in > a way such that it can protect itself against some > eavesdropper or man-in-the-middle listening, or... > (2) Provide a means to create digital signatures on data > such that you can be assured that some message was sent > only by someone who possesses the private key who's > public key you've added. > > Your proposal doesn't seem to address the MITM attacks. > It doesn't seem deal with signatures either. > It seems only to encrypt things only on receipt. What > does that protect against, exactly? Maybe I'm missing > something here... >
TL;DR: It's about damage control. This idea considers the email provider as an entity that the user trusts in the perspective of not being an intentional eavesdropper. But it counts in the possiblity that an email provider might gets compromised and mail content is extracted or existing mails might be searched. And that's what it tries to protect from. All this can be achieved by proper rolled out OpenPGP, but we see that we are not there (yet?). Something quite positive about the idea is the fact that re-encryption of the emails happens which is something we might should consider to simplify with gnupg as well. When there is one problem with OpenPGP encrypted emails, then it's the fact that we don't re-encrypt them on a regular basis (at least I don't hear anyone talking about this). Cryptographic functions (or at least their parameters) are aging rather bad, which means my 10 year old mails might be easy to crack in 5 years because of whatever found problem in the algorithm (or parameters used for it) from 10 years ago. It's a cold storage problem that this approach seems to try to solve, which is a rather refreshing idea, even when I agree that it has its own set of problems. -- Signed Sheogorath OpenPGP: https://shivering-isles.com/openpgp/0xFCB98C2A3EC6F601.txt
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
