[liberationtech] Secure Email Survey

[Tom Ritter]

In the spirit of open collaboration, Daniel Kahn Gillmor and I have
published a specification we're releasing into the public domain.  The
introduction is here: http://ritter.vg/blog-uee_email_encryption.html

This is an incremental upgrade to email as it is currently, that doesn't
try to make large sweeping changes.  Instead, it aims at huge adoption
rates (75%+ of all email addresses) by making certain compromises. In the
current legal situation, it is untenable.

But we're releasing it because we think there are a number of things that
most specifications don't take into account.  Some of the things that we
consider that I think are worth thinking about are things like corporate
email (where corporations have a need or regulatory requirement to see the
employees plaintext), the meta-data surrounding key discovery,
downgrade-proof support signalling, key enrollment and encryption in a
number of different scenarios (like unix accounts, email-sending scripts,
.forwards, shared hosting), a 'report only' mode to avoid a flag day and
incremental roll out for large deployments, and failure reporting.  There
are some additional things we never found a good answer for - things like
syncing keys between devices, email annotations, character sets, and
content modifications.

We're hoping that some of our ideas and thought processes can be used to
improve other projects.

-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131127/1ee66e8b/attachment.html>