On Friday, Oct 07, 2005 Steven Champeon wrote:
Ed Gerck wrote:
But don't we have two different actors here? Encryption has to do
with the end-user while the other points you mentioned have to do
with sysadmins. For the user, those other points you mention not only
have zero priority but they can't do a thing about them, even if they
would want to.
OK, point granted. I guess all I am saying is that if I had to choose
one thing to fix, getting the world's mail servers to support RFC 2821
would take priority over getting the world's end users to encrypt all
My discussion paper asks why users don't encrypt. Sysadmins are not
a significant part of the answer, I think.
Agreed. The lack of a common PKI, I think, is the major factor here.
Email (unencrypted) doesn't require a handshake and key exchange (or
at least, not one visible to and requiring action on the part of,
the end user - this transparency is made possible, of course, by the
sysadmins whose role you minimize).
OTOH, encryption and signatures can make it a lot easier to reject
spam and prevent email fraud, which backfire to sysadmins.
But that's a zero sum game. Either everyone encrypts, or you don't gain.
Nowadays it seems the marketing folks are running the show and have lost
touch with what a basic user needs. It's a terrible state of affairs.
That's a problem and David Farber had problems with this too. But first note
that PGP and Outlook are in opposing camps. Outlook works fine with
RSA-S/MIME and MSFT has no interest in supporting anything PGP-related.
PGP folks don't like MSFT either. Also, as I will comment in Part II,
there's a fundamental problem why PGP and S/MIME are not very useful
for email encryption. The marketing folks, either way, face a losing
battle. It's not even a matter of a better user interface, even if