[FoRK] At what point is email officially broken?

Justin Mason < jm at jmason.org > on > Thu Dec 7 03:56:05 PST 2006

Simon Wistow writes:
> On Wed, Dec 06, 2006 at 01:59:11PM -0800, Tom Higgins said:
> > Crypto? PGP has been out for a decade or so and it is being used by
> > what percent of the email population? Yea, see it may sound good it
> > might flash a little something but without use it means not much.
> 
> Funnily enough I was talking with someone about this yesterday - what if 
> Google, Yahoo! and Microsoft implemented client side PGP in their 
> webmail products?
> 
> At first I imagine it would only be signing. Obviously all the people on 
> the same service as you would be easily authenticated. 
> Authenticating people using the other big two webmail services could 
> easily be done by some sort of agreement between the Big Three players. 
> Mayb even toss in AOL whilst we're at it.
> 
> Hopefully, by then, unsigned email would start to be in the minority. 
> Also, potentially, since crypto has been built in more or less 
> transparently to the end user mail can start to be encrypted as well as 
> signed (although that's far less likely since then then wbemail 
> companies can't data mine your inbox).
> 
> The big problem, of course, is allowing people not using those services
> to participate in such a way that doesn't also allows spammers to keep
> going and also doesn't boil down to "use a whitelist".

yep.  You'd have just solved Authentication but not Reputation:

http://emailtech.wordtothewise.com/articles/2006/09/11/authentication-and-repudiation

> This is the step just before "Profit!" and just after "Steal 
> Underpants!". When I work it out, I'll make my millions and retire into 
> the life of the Gentleman Scientist.

Ah, the life of the Gentleman Scientist.  it's the dream, alright ;)

hey, btw, another point on the "if we all used PGP we'd be fine" argument:
look into DKIM.  It's a well-supported, IETF-standards-track protocol
which basically offers crypto signing, built transparently into the
existing SMTP protocol, without requiring rewrites of MUAs and
the problem that users can't use PGP without brain surgery.

--j.

More information about the FoRK mailing list