Re: Scope for self-destructing email?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/16/2017 9:43 PM, Phillip Hallam-Baker wrote:

On Wed, Aug 16, 2017 at 11:47 PM, Deen, Glenn (NBCUniversal) <Glenn.Deen@xxxxxxxxxx> wrote:
The key issue is that no method currently in existence can defeat a camera taking a picture of the screen.  That will always let an authorized receiver make a permanent copy of the email and do what they want with it.  Yes, you may be throwing away repudiation and signature information, but they will have the contents of the mail.

​ Absolutely true. And really serious for some applications. But consider the Game of Thrones hack, a screen capture would be serious, yes. But nowhere near as serious as having the final cut leak in HD.

​ The kids are using snapchat because their principle security concern is that the receiver will forget to delete the pics they send and they will end up with the parents. They understand full well that they can photograph the screen of one phone with another.

The perfect is the enemy of the good. 
 
Yes. The threat model here is not that the recipient will somehow divulge the message. Of course they can. The problem is that copies of the message are kept in multiple places.

If the recipient is cooperating, that is not an unsolvable problem. Suppose that the recipient's copy is encrypted with a short lived public key, and that the recipient voluntarily discards the corresponding private key after some time. There may well be copies of the bits around in many places, but nobody would be able to decrypt them. Of course, this requires that the sender acquires an ephemeral key from the recipient before sending the message. That may be hard to do in practice. But it is certainly doable.

-- 
Christian Huitema
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]