Control Your Identity or Microsoft and Intel Will
Subject:   web email may be inroad to mass adoption
Date:   2002-07-10 02:08:52
From:   winfield
This is pure speculation, but I was thinking that there are enough people who use web email clients to kickstart mass adoption of digital certs, if only the account came _standard_ with one. Think about it, you normally have to send your personal information when signing up for a web email account anyway, so that step is saved. Also, there wouldn't need to be a verification process for binding to the email address since both cert and email come together. The only drawback is now you have to trust your web email provider with your private key, unless some fancy ActiveX control signs it on the client. But with the key on the client you wouldn't be able to roam, which is why people get web email in the first place. Unless! :) I don't know too much about cryptographic protocols, but perhaps if the server had your private key but not your passphrase then you might be able to roam without having to trust your email provider:

1. You log on to your web email account as per normal from any computer.

2. You compose an email message.

3. Your private key is sent to you across an SSL connection. (too risky? probably.)

4. You enter your passphrase.

5. A JavaScript routine (no client-side ActiveX or Java required) takes the key, the message, and the passphrase, and signs the message, sending it to the server.

If sending a private key across the net is too stupid for words then I'm afraid signed web email would need to wait for ubiquitous smart card readers to reach mass adoption. :)
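
The roaming scheme in steps 1-5 above, sketched as an added example that is not part of the original comment: the provider stores only a passphrase-encrypted PKCS#8 private key, and unlocking and signing happen on the client. Node's built-in crypto module stands in for the browser-side routine, and the function names, Ed25519 key type, and sample values are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Enrollment, run once on the user's machine: generate the key pair and
// encrypt the private key under the passphrase before anything is uploaded.
function enroll(passphrase) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519", {
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase },
  });
  // The provider stores the public key and the encrypted private key only.
  return { publicKey, wrappedKey: privateKey };
}

// Steps 3-5: the wrapped key arrives over SSL/TLS, the passphrase is entered
// locally, and only the message and its signature are sent to the server.
function signOnClient(wrappedKey, passphrase, message) {
  const key = nodeCrypto.createPrivateKey({ key: wrappedKey, format: "pem", passphrase });
  const signature = nodeCrypto.sign(null, Buffer.from(message, "utf8"), key);
  return { message, signature: signature.toString("base64") };
}

// Recipient side: check the signature against the sender's public key.
function verifyMail(publicKey, mail) {
  return nodeCrypto.verify(null, Buffer.from(mail.message, "utf8"), publicKey,
    Buffer.from(mail.signature, "base64"));
}

// Whoever holds the wrapped key (the provider included) can test passphrase
// guesses offline, so the passphrase strength is the only barrier.
function tryUnlock(wrappedKey, guess) {
  try {
    nodeCrypto.createPrivateKey({ key: wrappedKey, format: "pem", passphrase: guess });
    return true;
  } catch {
    return false;
  }
}

// Constructed sample values.
const PASSPHRASE = "correct horse battery staple";
const account = enroll(PASSPHRASE);
const mail = signOnClient(account.wrappedKey, PASSPHRASE, "Lunch at noon?");
console.log("signature verifies:", verifyMail(account.publicKey, mail));
console.log("wrong passphrase unlocks:", tryUnlock(account.wrappedKey, "letmein"));
```

The encrypted key never needs to be secret from the network, but the design still depends on the provider serving an honest signing routine, since that code sees the passphrase.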

  web email may be inroad to mass adoption
    2002-07-10 07:25:11  Marc Hedlund | O'Reilly Author, O'Reilly Blogger

    web email may be inroad to mass adoption
      2002-07-10 13:03:35  winfield

