Friday, October 07, 2005

Re: [IP] announcing

on Friday, Oct 07, 2005 Steven Champeon wrote:

Ed Gerck wrote:

> But don't we have two different actors here? Encryption has to do
> with the end-user while the other points you mentioned have to do
> with sysadmins. For the user, those other points you mention not only
> have zero priority but they can't do a thing about them, even if they
> would want to.

OK, point granted. I guess all I am saying is that if I had to choose
one thing to fix, getting the world's mail servers to support RFC 2821
would take priority over getting the world's end users to encrypt all
their mail.

> My discussion paper asks why users don't encrypt. Sysadmins are not
> a significant part of the answer, I think.

Agreed. The lack of a common PKI, I think, is the major factor here.
Email (unencrypted) doesn't require a handshake and key exchange (or
at least, not one visible to and requiring action on the part of,
the end user - this transparency is made possible, of course, by the
sysadmins whose role you minimize).

> OTOH, encryption and signatures can make it a lot easier to reject
> spam and prevent email fraud, which backfire to sysadmins.

But that's a zero sum game. Either everyone encrypts, or you don't gain.
> >Nowadays it seems the marketing folks are running the show and have lost
> >touch with what a basic user needs. It's a terrible state of affairs.
> That's a problem and David Farber had problems with this too. But first note
> that PGP and Outlook are on opposing camps. Outlook works fine with
> RSA-S/MIME and MSFT has no interest in support anything PGP related.
> PGP folks don't like MSFT either. Also, as I will comment in Part II,
> there's a fundamental problem why PGP and S/MIME are not very useful
> for email encryption. The marketing folks, either way, face a losing
> battle. It's not even a matter of a better user interface, even if
> very clever.

I'm looking forward to part II.

No comments: