-----BEGIN PGP SIGNED MESSAGE-----
Adam Back wrote:
Jon wrote:
I think it would be a good thing to send a PGP message over an
encrypted link (TLS or other).
This is an independently good idea and would mitigate some of the
possibilites of CMR functionality being used for purposes other than
it's designers intended.
However it is hard to do; and the keys have different security focus
becuase it is hard to use user <-> user end to end TLS because of the
store and forward nature of email.
It is hard from a standards and deployment issue.
It is easy to do if we assume that that we control all the software. If
we assume that the software concerned is the PGP policy encforcer - on
both sides of the exchange - then there is no difficulty about putting
together a simple protocol that allows the *policy enforcers* to
exchange keys and use them for PFS.
It would be non-compatible with other mailers, true, but that's what
experimentation is about, right?
Now, if we put in place this scenario, you might be able to make a case
that the enforcment or strict option on the SMTP filter should only be
turned on when you have the PFS in place.
I haven't developed this fully, but it does have the advantage of
allowing a migration path from our current situation.
- --
iang
iang(_at_)systemics(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21
iQCVAgUANEi0I5UdDk1bRs+FAQEA2AP8DPofcnCFQQx0WIqEzlpgqYQ5NPzIpbIpWqUFC61ud1Jv
njlbHg5HirFAwTFsccO6+xaflKIvMIVD5GvTwIS4OL1MRLuUQ/gukX9XQ04aMiXPuxH5LWaLyDdA
7qqGF86xEzLqJc9xHfMRBNT8Ek323zypZNpzNBXmd4kDW2bY5LU=
=HAWR
-----END PGP SIGNATURE-----