| >Banks [use] a web interface, after the user logs in to their account. | | >So, what's missing in the email PKI model is two-sidedness. | >Fairness. | | Not really. What's missing is, if you'll pardon the phrase, a central | point of failure. | | If you can persuade everyone to use a single system, it's not hard to | make communication adequately secure. Look at Hushmail; if you | believe that their internal processes are OK, you can set up an | account and communicate quite securely with other Hushmail users on | their web site, or for the more nerdy, you can use SSL IMAP and PGP to | communicate with their central site. It's been limping along since | 1999, I don't know anyone who uses it which says something about its | actual utility. | | But that's not e-mail. The great thing about Internet e-mail is that | vast numbers of different mail systems that do not know or trust each | other can communicate without prearrangement. And of couse the awful | thing about Internet e-mail is the same thing. It's hard to see any | successful e-mail system in the future, secure or otherwise, that | doesn't do that, since Internet mail killed all of the closed systems | that preceded it. On the other hand, the push/pull combination of spam and IM/SMS are well on their way to killing Internet mail. Spam being what it is, the notion that "anyone can send mail to anyone" is naive. Unsolicited mail stands a good chance of ending up tossed by a spam filter. The volume of spam is so high that few people even bother to review the stuff caught, if their mail provider even provides a mechanism to do that.
Meanwhile, the next generation of users is growing up on the immediacy of IM and text messaging. Mail is ... so 20th century. I think the whole notion of decentralizing *everything* has turned out to be a trap. Yes, it makes for great cryptography and system design to find ways to do without a trusted third party. But the resulting systems just don't fit the way people think and work. Trust has *always* been based on personal contact, extended to organizations that work hard to have a "human face" on the one hand, and to various human-scale, humanly-transparent ways of reifying and rendering portable the smile and the handshake, from letters of credit to various business rating organizations (D&B, BBB), and so on. Replacing that with some abstract cryptographic system that no one understands, no one can see or touch - and that ultimately can only be perceived as trustworthy if it comes from trustworthy institutions anyway - is just a non-starter. With this shaky base, it should perhaps not come as a surprise that after all these years of trying, we haven't managed to come up with human interfaces to these systems that actually allow them to work effectively in the human world. Meanwhile, in real terms, it would be interesting to know what percentage of Email these days flows *between* organizations, and what percentage remains within individual organization's Exchange servers. With all the rules already enforced by typical Exchange-using organizations - not to mention all the new rules being added as first "compliance" and now "evidence retention and destruction" regs and the upcoming "information leakage management", more and more Email systems are taking on the characteristics of the old closed systems, with only a thin, closely watched pipe connecting them out to the Internet. -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]