On Wed, Aug 28, 2013 at 4:15 PM, Phill <hal...@gmail.com> wrote: > My target audience, like Perry's is people who simply can't cope with > anything more complex than an email address. For me secure mail has to look > feel and smell exactly the same as current mail. The only difference being > that sometime the secure mailer will say 'I can't contact that person > securely right now because…' > I agree with Perry and Phill that email experience should be essentially undisturbed in the normal case, though it's OK to add an additional authorization step.
One thing that irks me, though, is the problem of the robust, secure terminal: if everything is encrypted, how does one survive the loss/theft/destruction of a computer or harddrive? I'm no ignoramus, yet I have, several times, lost data I cared about due to hardware failure or theft combined with improper backup. How is a total newbie to do? Most newbies rely on things surviving despite their lack of explicit caution. Currently, they do it by basically trusting Google or some other company with their mail. Whichever way you do things to make them responsible for keys will lead to either (1) failure because it's technically too hard, and/or (2) automated attacks on the weak point that handles things for them. For instance, you have a program that automatically recovers keys from the escrow modulo a few questions. Then, either few questions are too hard and he actually looses the keys, or they are easy enough that the attacker can find answers and recover the key. Or, you have standardized key management and backup policies. Then the attacker can look at the standardized location for the precious keys, and modulo extraction of some master key, can automatically steal everyone's wallet. And then, to prevent automatic extraction of security data, you find that you need not just an appropriate distributed infrastructure (which is more painful to fund if you can't sell the data and require an explicit transaction from the user), but also secure terminals — which implies a secure OS, and hardware that you actually control, rather than big corporations that bend over for big governments. That's a lot of yak to shave to provide end-users (or even average geeks) with seemless secure email. —♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org Being generous is inborn; being altruistic is a learned perversity. No resemblance — — Robert Heinlein, "Time Enough For Love" _______________________________________________ The cryptography mailing list email@example.com http://www.metzdowd.com/mailman/listinfo/cryptography