[148346] in cryptography@c2.net mail archive
Re: [Cryptography] Email is securable within a coterie [was: Email
daemon@ATHENA.MIT.EDU (ianG)
Wed Dec 4 13:27:09 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 04 Dec 2013 11:56:24 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <20131203195924.381E7EAFBD@snorky.mixmin.net>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 3/12/13 22:59 PM, StealthMonger wrote:
> ianG <iang@iang.org> writes:
>
>> On 25/11/13 13:07 PM, StealthMonger wrote:
>>> ianG <iang@iang.org> writes:
>>>> But, there are other reasons...
>>>> For example, consider traffic analysis or metadata or mass surveillance...
>>>> Then, look at the design of email...
>>>> Then, webmail...
>>>> Then, the assumptions of email...
>>>> Hence, I've concluded that email is unsecurable.
>
>>> None of these objections apply to mail within a coterie (as most email
>>> is) where the parties agree out of band to suppress non-essential
>>> headers and to properly use anonymizing remailers and message pools.
>
>> I entirely agree that if you put all that in place, it will work. Mail
>> is theoretically securable.
>
>> What I would question is whether we can agree on how to get to that
>> place (IETF committees, PHB v. Dark Alliance, S/MIME v. PGP, etc etc),
>
> But we're there now! Have been for over 15 years! The well-known
> mixmaster remailer network and the Usenet alt.anonymous.messages message
> pool. No need to wait for IETF or anything.
No, you have to get the support for those tools into popular GUI
clients. E.g., Thunderbird. If you want ordinary people to be
protected, the GUI clients have to be delivered with the solution
already installed and enabled.
If you talk to say Mozilla, they say that they follow standards, they
typically don't do any new / original security work. It's in the
manifesto! (Microsoft will probably say, show us the money! Google
will probably say, show us the data ;) )
So you have to then go to IETF and get them to implement a standard.
E.g., OpenPGP followed this route....
Then you have to go back to Mozilla and convince them to implement, or
let you implement. Then you're get mumble mumble plugin mumble.
We're facing realpolitik & economics, not a technical challenge. Good luck!
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
