Re: PGP is not security
A certain amount of metadata has to be in the clear, otherwise how does a public mail server know how to route your email? It at the very least needs to know what domain to send it to. So maybe metadata encrypted with a public key for that domain, then the server in that domain can route it to the appropriate user.
This is exactly what Darkmail proposes. The protocol has separate keys for the sender, so the message could be authenticated, for the sending server, so it knows which domain to send the message to, for the receiving server, so it knows which user to send the message to, and for the user. The sending server doesn’t know which user is the recipient, unless it’s on the same server, and the receiving server doesn’t know which user is the sender.
The specs (pdf) take a lot of words to describe the system, and it’s still not usable. At least it’s a collaborative effort, so if it works, I’m expecting there would be more services providing it in a federated fashion, like the current mail system and unlike all those secure messaging apps.
Biting the hand that feeds IT
