

P2P encrypted email is looking for funding. - TheAuditor
http://www.indiegogo.com/projects/flowingmail-encrypted-serverless-email

======
racbart
What happens when your private key is compromised? Someone is able to read all
your messages and send messages impersonating you and you can't stop that, as
the address is a hash of the public key which derives from the private key.
You can't change keys like you could change your password in a traditional
email. You'd need to start using a new address, but you can't expect the whole
world to stop using your old address overnight (if at all).

This looks terrible. GPG solves this problem by not having keys and addresses
bound mathematically and relying on the web of trust to match keys to addresses.
You can always revoke compromised keys and start using new ones. You can't do
that if the address is mathematically derived from the private key.

Our email addresses are our identities these days. Any system that aims to
replace email needs to provide some safe recovery in case the keys/passwords
are compromised. It's just too risky to have an unchangeable password/key for
your identity.

