[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ::scr tales from the crypto



I've lost my original notes (and stupid diagram) but I think this sums it up

Actually, now that I remember it, my original idea (being very web-based) went something more like this:


1. Sender hits "send message"
2. Client looks up address then contacts and establishes secure connection with relevant server
3. Client sends message to server
4. Server encrypts message
5. Server passes message to recipient
6. Recipient decrypts message with private key


Which reminds me of why I didn't get round to finishing the idea. Step 4 is blatantly hideous and open to all kinds of hideous interloping snoops and spooks potential. But Matt's prodding plus all the web service buzzoids flying around made me forget that and posit that the client do the encrypting. All of a sudden it seems eminently right. Someone must be doing something like this already...

In fact, Hushmail already aren't they? That's actually the *real* reason that I never got round to finishing the idea.