[148224] in cryptography@c2.net mail archive
Re: [Cryptography] Dark Mail Alliance specs?
daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Nov 23 19:07:14 2013
Date: Sat, 23 Nov 2013 13:18:48 -0800
To: Cryptography <cryptography@metzdowd.com>
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <alpine.LFD.2.02.1311231318220.6481@laptop.kerry-linux.ie>
At 04:30 AM 11/23/2013, Ralf Senderek wrote:
>> But of course you're right about actual current usage, encrypted email is an
>> epic fail on that measure regardless of format/protocol.
>
> Yes, but it's about time we do something about that. Do we
> *exactly know why* it is such a failure?
It's about user interfaces and key management.
If you want to send encrypted email to Alice,
you need her keys, so there needs to be a key fetching UI somewhere,
and you need to have your mail system associate Alice's keys with her email address,
and have it do something appropriate if you're sending one message to multiple recipients,
especially if you have keys for Alice but not Bob, or if a recipient is a mailing list,
and if you want to send signed email, you need to have a way to get your keys to the recipient,
and ideally you'd like to have a way to validate those keys, though even first-use is a start.
If you do build a key management system, it needs to be able to feed into the email
James Donald's Crypto Kong did an interesting job of unintrusive key handling;
using ECC meant that the key was short enough to fit in a couple lines of base64 text.
At $DAYJOB, we're using the Voltage Secure Mail plugin for Outlook,
which provides a Send Secure button in addition to the regular Send button,
integrates with the Exchange system's Global Address List,
and lets recipients who don't use it fetch messages from an https URL.
And almost nobody uses it either :-)
You also need to do something appropriate for webmail systems.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
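
Added example, not part of the message above or of any product it names: a sketch of the address-to-key association, first-use key pinning, and the "keys for Alice but not Bob" decision the message describes. The names KeyStore and plan_send, the SHA-256 fingerprint over raw key bytes, the example.org addresses, and the policy of asking the user instead of silently sending plaintext are all assumptions.

```python
import hashlib


def norm(address):
    """Normalize an email address for use as a lookup key."""
    return address.strip().lower()


class KeyStore:
    """Associates email addresses with pinned key fingerprints (first use)."""

    def __init__(self):
        self._pins = {}  # normalized address -> hex fingerprint

    def learn(self, address, key_bytes):
        """Record a key seen for an address: 'pinned', 'match' or 'conflict'."""
        addr = norm(address)
        fpr = hashlib.sha256(key_bytes).hexdigest()
        pinned = self._pins.get(addr)
        if pinned is None:
            self._pins[addr] = fpr  # first use: pin it
            return "pinned"
        # A different key for a known address is never accepted silently.
        return "match" if pinned == fpr else "conflict"

    def lookup(self, address):
        return self._pins.get(norm(address))


def plan_send(store, recipients, mailing_lists=()):
    """Split recipients by key availability and pick an action (assumed policy)."""
    lists = {norm(a) for a in mailing_lists}
    plan = {"encrypt_to": [], "no_key": [], "lists": []}
    for rcpt in recipients:
        if norm(rcpt) in lists:
            plan["lists"].append(rcpt)  # one address, many unknown readers
        elif store.lookup(rcpt):
            plan["encrypt_to"].append(rcpt)
        else:
            plan["no_key"].append(rcpt)
    blocked = plan["no_key"] or plan["lists"]
    plan["action"] = "ask_user" if blocked else "encrypt"
    return plan


# Constructed sample data.
store = KeyStore()
store.learn("Alice@example.org", b"constructed-alice-key-1")
print(plan_send(store, ["alice@example.org", "bob@example.org"]))
```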