What is a "communication" (was Re: sorry, but ...
Roland Perry
lists at internetpolicyagency.com
Mon Aug 13 08:24:22 BST 2012
In article <5027C62C.7060300 at iosis.co.uk>, Peter Tomlinson
<pwt at iosis.co.uk> writes
>>>>> I still wish that we could easily and routinely be able to encrypt
>>>>>email content. Then plod would have to ask for the keys.
>>>>
>>>> PGP style of encryption or TLS?
>>>>
>>>> And what do you count as "email" - there are very many non-port-25
>>>>messaging systems these days (and that's part of plod's problem).
>>> I'm thinking of the USA program (www.nist.gov/nstic) to try to make
>>>the internet safe by use of eID methods (now using the buzzwords
>>>'Identity Ecosystem'), although how far they have actually got in the
>>>last year I'm not sure [1]. Securely and easily being able to pass
>>>information between two parties should be a vital part of that. In
>>>Europe we have been trying (somewhat fitfully) for 10 years to solve
>>>
>>
>> That's more about e-commerce than e-mail, surely?
>
>Yes, and, while using say https, we ought to be able to encrypt the
>data content (using a key provided after we present our eID) separately
>from the transport layer.
If that key is unique to the email service you are contacting, then such
an arrangement is possible today. If it's one key for all email services
it seems you may have invented the mother of all PKIs, and something
that sounds a lot like a second transport layer.
--
Roland Perry
More information about the ukcrypto
mailing list