Problem description
As most of you know, email is very insecure. Even with an SSL-secured connection between the client and the server that sends an email, the message itself will be in plaintext while it hops around nodes across the Internet, leaving it vulnerable to eavesdropping.
Another consideration is the sender might not want the message to be readable - even by the intended recipient - after some time or after it's been read once. There are a number of reasons for this; for example, the message might contain sensitive information that can be requested through a subpoena.
A solution (the most common one, I believe) is to send the message to a trusted third party, and a link to that message to the recipient, who then reads this message from the 3rd party. Or the sender can send an encrypted message (using symmetric encryption) to the recipient and send the key to the 3rd party.
Either way, there is a fundamental problem with this approach: if this 3rd party is compromised, all your efforts will be rendered useless. For a real example of an incident like this, refer to debacles involving Crypto AG colluding with the NSA
Another solution I've seen was Vanish, which encrypts the message, splits the key into pieces and "stores" the pieces in a DHT (namely the Vuze DHT). These values can be easily and somewhat reliably accessed by simply looking the hashes up (the hashes are sent with the message). After 8 hours, these values are lost, and even the intended recipient won't be able to read the message. With millions of nodes, there is no single point of failure. But this was also broken by mounting a Sybil attack on the DHT (refer to the Vanish webpage for more information).
So does anyone have ideas on how to accomplish this?
Edit: I guess I didn't make myself clear. The main concern is not the recipient intentionally keeping the message (I know this one is impossible to control), but the message being available somewhere.
For example, in the Enron debacle, the courts subpoenaed them for all the email on their servers. Had the messages been encrypted and the keys lost forever, it would do them no good to have encrypted messages and no keys.
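The Vanish-style construction described in the question, as an added example (this is not the question's or Vanish's own code): a fresh per-message key is split with Shamir's threshold secret sharing, the shares are pushed into a store that forgets them after 8 hours (a plain dict stands in for the Vuze DHT), and the key itself is discarded, so once fewer than the threshold of shares survive, nobody, the intended recipient included, can recover the message. The 10-of-which-7 share parameters and the SHA-256 counter-mode keystream (a stdlib stand-in for a real cipher such as AES) are assumptions of this example.

```python
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime M521: share field, comfortably larger than a 256-bit key
TTL = 8 * 3600  # Vanish-style lifetime in seconds; after this the DHT has forgotten the shares

def split_key(key: bytes, n: int, k: int) -> list:
    """Shamir split: any k of the n shares rebuild the key, fewer reveal nothing about it."""
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P) for x in range(1, n + 1)]

def combine_shares(shares: list, key_len: int) -> bytes:
    """Lagrange interpolation at x=0 over GF(P) recovers the key from any k shares."""
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(key_len, "big")

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (stdlib has no AES): SHA-256 keystream in counter mode; same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def seal(message: bytes, dht: dict, now: int, n: int = 10, k: int = 7):
    """Encrypt under a fresh key, push n shares into the toy DHT with an expiry, forget the key."""
    key = secrets.token_bytes(32)
    indices = [secrets.token_hex(16) for _ in range(n)]  # random lookup indices travel with the message
    for idx, share in zip(indices, split_key(key, n, k)):
        dht[idx] = (share, now + TTL)  # the dict stands in for the Vuze DHT's store-then-expire behaviour
    return xor_stream(key, message), indices

def open_message(ciphertext: bytes, indices: list, dht: dict, now: int, k: int = 7):
    """Fetch the shares that still exist; below the threshold k the message is gone for good."""
    live = [dht[idx][0] for idx in indices if idx in dht and now < dht[idx][1]]
    if len(live) < k:
        return None
    return xor_stream(combine_shares(live[:k], 32), ciphertext)
```

The threshold also tolerates the normal churn of a DHT: losing up to n-k shares early still leaves the message readable within the 8-hour window.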
Recommended answer
There are so many different ways of going about it which all have good and bad points, you just need to choose the right one for your scenario. I think the best way of going about it is the same as your 'most common' solution. The trusted third party should really be you - you create a website of your own, with your own authentication being used. Then you don't have to give your hypothetical keys to anyone.
You could use a two way certification method by creating your own client software which can read the emails, with the user having their own certificate. Better safe than sorry!