Re: Funny design method to hide mail addresses ?

[krymson () gmail com]

1. Mail addresses or e-mail addresses?

2. Are the mail addresses collected via a web page that the webmaster controls? If so, there will always be a way for 
the webmaster to filch these as they're passed in, or displayed elsewhere in the site. The webmaster almost certainly 
can also call them back out of the database after storage, especially if the system has the ability to do some other 
things with the addresses later (i.e. throw mails to them). If the webmaster controls the server administration as well 
as the code, things get even harder to ensure such a level of trust.

3. Depending on your location, authorities will always be able to force such information from you through 
legal/judicial means.

4. Just delete the information if you no longer need it, i.e. expired mail address.


<- snip ->
Hi there,
In my web project, I am storing mail addresses. These addresses may be used by the system to throw mails to the 
recipients. It is also important to say that these mail addresses have expiration time.

But the critical point is trustness: for this very service, people must be sure that the mail addresses wil not be 
given to somebody else (especially to authorities, for example).

To resume:
* the system has to "know" the mail address.
* the webmaster (or somebody else) has to be unable to find the true mail addresses.

By doing this, the webmaster will not be able to give information (even by force :)).

This is a fun problem.

Intermediate solution: I already know how to do this as soon as the information has expired. E.g. The mail address is 
encrypted with gnupg (GPG / PGP algorithms). The system (or anybody) can decrypt if he/it has the password. But as soon 
as the mail address has expired, let's revoke the secret key :arrow: one cannot decrypt the mail address anymore.

But this raises a performance problem (to create the private key)...

Any help would be most appreciated :)

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------