On 2/17/2017 11:37 AM, Zenaan Harkness wrote:
On Fri, Feb 17, 2017 at 10:47:15AM +1000, James A. Donald wrote:
It is unlikely that Trump would manage his own public keys - and he cannot
trust the white house staff and government security people to manage them
for him. It is even more unlikely that Podesta would manage his own public
IPSEC was in principle the right approach in so far as "pre-emptive" or
opportunistic "link" encryption (i.e., your communication channel, by
default - as you say, zero clicks).
Ipsec is not very secure. What I was thinking of is a global database linking phone numbers, email addresses, etc, to public keys with a witness mechanism to ensure that every client gets told the same story as to which public key is associated with which phone number.
So if your client looks up its own public key by phone number, it sees a hash chain connecting that association to the global witness hash, and knows that client it is talking to sees the same public key. Clients upload and download public keys at infrequent intervals without human intervention.
This works fine with phones, since people assume one phone number per physical phone. Phone forwarding systems are assumed to forward from one phone number/physical device to another phone number physical device. Not so fine with email addresses. Just have to give people the option
'Your emails are currently encrypted so that they can only be read on the following physical devices ...
"Add current device to list for future emails?"
"Edit list of devices that are empowered to decrypt your email?"
Which interface is likely to confuse and irritate them.
And if you lose or damage the physical device that currently holds all your old emails and you have not backed it up recently, thus losing all your old emails and the secret key that can decrypt them - that could be very handy if an investigation is coming up.