::scr tales from the crypto
Alex Robinson
scr@thegestalt.org
Fri, 19 Apr 2002 20:11:05 +0100
>I've lost my original notes (and stupid diagram) but I think this sums it up
Actually, now that I remember it, my original idea (being very
web-based) went something more like this:
1. Sender hits "send message"
2. Client looks up address then contacts and establishes secure
connection with relevant server
3. Client sends message to server
4. Server encrypts message
5. Server passes message to recipient
6. Recipient decrypts message with private key
Which reminds me of why I didn't get round to finishing the idea.
Step 4 is blatantly hideous and open to all kinds of hideous
interloping snoops and spooks potential. But Matt's prodding plus all
the web service buzzoids flying around made me forget that and posit
that the client do the encrypting. All of a sudden it seems eminently
right. Someone must be doing something like this already...
In fact, Hushmail already aren't they? That's actually the *real*
reason that I never got round to finishing the idea.