Create a key, identify it by a hash of it, and encrypt all mail sent to the account with the key. Allow it to run on top of regular email using one or more email addresses as an alias, but have the key itself be the identifier.
Client 1 creates a key pair > uploads email address(es)/"aliases " that client controlls (signed with key pair) > client 2 searches for emails based on client 1’s key or aliases > client 2 sends email through one or more of the accepted inboxes encrypted with public key > client 1 reads encrypted email.
Basically a modernized version of PGP that also handles identification, and similar to how it’s been proposed to change Matrix accounts to in order to make them decentralized.
The other way would be a dht of hashed email addresses or hashed keys, but then you could look up live email addresses to send spam to.
The magic of tor v3 is that the plain address record is needed for some time based calculations about the dht record, e.g. they publish the descriptor’s of the site using the public key as a reverse lookup
But that wouldn’t work to obscure the email or use the email as a lookup because the dht wouldn’t have a way to prove the record was true to that email, unless it was sending emails from it
I guess that leaves DNS records or some kind of activity pub system with webfinger
Decentralized encrypted email.
Create a key, identify it by a hash of it, and encrypt all mail sent to the account with the key. Allow it to run on top of regular email using one or more email addresses as an alias, but have the key itself be the identifier.
Client 1 creates a key pair > uploads email address(es)/"aliases " that client controlls (signed with key pair) > client 2 searches for emails based on client 1’s key or aliases > client 2 sends email through one or more of the accepted inboxes encrypted with public key > client 1 reads encrypted email.
Basically a modernized version of PGP that also handles identification, and similar to how it’s been proposed to change Matrix accounts to in order to make them decentralized.
I mean, delta.chat exists…
The other way would be a dht of hashed email addresses or hashed keys, but then you could look up live email addresses to send spam to.
The magic of tor v3 is that the plain address record is needed for some time based calculations about the dht record, e.g. they publish the descriptor’s of the site using the public key as a reverse lookup
But that wouldn’t work to obscure the email or use the email as a lookup because the dht wouldn’t have a way to prove the record was true to that email, unless it was sending emails from it
I guess that leaves DNS records or some kind of activity pub system with webfinger
Unfortunately I don’t think email can ever really be that private or secure.