::scr tales from the crypto

Alex Robinson scr@thegestalt.org
Fri, 19 Apr 2002 20:11:05 +0100


>I've lost my original notes (and stupid diagram) but I think this sums it up

Actually, now that I remember it, my original idea (being very 
web-based) went something more like this:

1. Sender hits "send message"
2. Client looks up address then contacts and establishes secure 
connection with relevant server
3. Client sends message to server
4. Server encrypts message
5. Server passes message to recipient
6. Recipient decrypts message with private key

Which reminds me of why I didn't get round to finishing the idea. 
Step 4 is blatantly hideous and open to all kinds of hideous 
interloping snoops and spooks potential. But Matt's prodding plus all 
the web service buzzoids flying around made me forget that and posit 
that the client do the encrypting. All of a sudden it seems eminently 
right. Someone must be doing something like this already...

In fact, Hushmail already aren't they? That's actually the *real* 
reason that I never got round to finishing the idea.