Booger Security

"It's like flicking a booger at…spam" is the motto of Mailinator.  The idea is to make up a mailinator e-mail address when a website ask you for an e-mail address.  Mailinator will create the account on-demand (i.e. website sends a confirmation message) and self-destruct after a few hours.  Cute except it is a self-destructing idea, the kind that gets killed by its popularity.  I'll leave it up to you to work it out.

The idea is similar in a way to IBE (Identity-based Encryption) so I mixed the two ideas to get…you guess it, Booger Security.  IBE protected data that self-destructs.  Actually, I neglected to mention a brain storming session I had on my way back from a client today.  I thought about IBE and how it might be used in non-email applications.  By the time I passed University Avenue on 101, I had one.

IBE can be used to protect all or parts of webpage contents, extending security envelope beyond web server farms, all the way to application server and, for some applications, even to the databases.

Web servers are where the security battle is raged most furiously, not the firewall.  Crazily enough, all kinds of passwords and private keys are still routinely stored on those web servers.  Web servers are also where the SSL tunnel usually ends.  Are you getting the picture?  It's like a AD&D game where you fight through a level to find a key into the next level.

IBE could solve some of that problem by encrypting sensitive user information to and from the user.  There is also some caching opportunity also if user information changes slowly.  Anyway, the idea is not mature yet so allow me to concentrate on the Booger Security idea.

Imagine a Wiki, Booger Wiki (BK) if you will, where users post encrypted messages to individuals or groups of friends and collegues.  It could be IRC, IM, or even USENET posts.  Anway, a smart IBE-client should be able to monitor all these incoming protocols and decrypt messages it can.  Voila.  Secure messaging webpages in one fell swoop.  There is a horde of UI issues that needs to be solved, but the idea is effective enough to give Department of Homeland Security and NSA excuses to increase their budget.

Between University Avenue and Redwood City, I was too busy flicking to think.