Alok Menghrajani wrote:
Hi All,
has anyone already thought of this: for every pair of email addresses, a
unique id is generated.
There have been similar proposals in the past, yes, although most of them
have brought cryptography in basically because there's little reason not to.
Once people have setup (exchanged) these unique ids, they can send emails
to each other be being "pretty sure" that the emails are not spam. This
way if I pretend to be yourfriend(_at_)hotmail(_dot_)com, until and unless I
don't
know what the unique id is, you will know I'm pretending to be
yourfriend(_at_)hotmail(_dot_)com (and this probably spam). It's kind of the
idea
behind public key cryptography, that create a symetric key, except that
the goal here is not to encrypt mail, and that the unique id can be kept
for a long period of time. (the unique id is of course sent in each email,
actually the unique id would be the seed of a random number generator, and
each email will have the next random number in one of it's header).
Little nit: that's *NOT* public key cryptography. Public key cryptography is
where one can encrypt without having a shared secret, like this unique ID.
The major problem with this is that a great many emails are not 1 to 1
messages. This one, for example, it addressed to you, and thus would have a
unique ID between us embedded in its headers, but it's being copied to the
list, where anyone could get it and forge messages between us. That's why
public key cryptography is so powerful: even with access to massive numbers
of signed messages, it's still theoretically 'hard' to compute the signing key.
I don't know what would be the best way to exchange these unique id's,
perhaps something like what I talked in my previous emails (each person
performs a calculation), or it could just be based on plain text (until
and unless we don't exchange the id's, our mails won't be automatically
marked 'clean').
If you want to use a system like that, it's already been implemented in
stronger cryptographic form with pgp and its free software reimplementation,
gpg. That includes the infrastructure to distribute signature and encryption
keys.
I know this list is about improving the current mail protocols, sorry
if any of my questions/suggestions are completly off topic.
It's all seemed pretty much on topic so far, although some of this has been
discussed in the past. My one suggestion is to follow the posting guidlines
of prepending a subject area to the subject line, like "0. General" or "6.
Proposals"
Btw, can someone explain me why the email protocol uses relays (and why
the sender doesn't connect directly to the receiver's server) ? Is there
an advantage of having such an architecture today ?
For various structural reasons, it's necessary, and I wouldn't say it's
particularly evil. There is really nothing that can be done with end-to-end
that can't be done with relays, it just may require a little more thought at
times.
Philip Miller
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg