On Fri, 9 Dec 2005, Ed Gerck wrote:
[...] at least the grand
picture should exist beforehand. This is what this thread's subject
paper is about, the grand picture for secure email and why aren't
we there yet (Phil's PGP is almost 15 years old) -- what's missing.
and Bill Stewart wrote:
Popularity of a product is critical to its security;
you don't gain anonymity if the Feds can recognize that
you're one of the dozen users of a given application.
Your mom can use Skype, but nobody she knows uses Crypto Kong,
and I only know a few people who use PGP to email their mom.
But some of the Instant Messaging systems use crypto;
too bad that they're continually trying to be incompatible
with each other to gain market share.
I think what's missing is the understanding that there cannot be
secure email without the persons involved acting responsible and
knowing their role in the process.
Your mother will probably expect the computer to do the job for her
(mine will never expect anything from computers) rejecting any
responsibility for her email's security. In my opinion establishing
secure email this way is impossible despite the fact that encryption is
(relatively) easy if our algorithms work as expected and you have the
correct high-quality public key.
And even if Instant Messaging systems would use the same crypto people
will use them like cell phones without any consciousness of their own
responsibility for key validation. Getting good crypto into mass products
can help but does not eliminate the necessity for checking essential
properties of the system they use.
How we can make this job as reliable as possible is the question at the
heart of the problem.