Bob La Quey wrote:
Unfortunately "if everyone only" arguments rarely lead to practical solutions.
Someone has to be the first no matter what the proposed solution is. The real problem is nobody cares about their email security. They won't use GPG or a webmail solution or anything else until they do.
I can see a lot of ways to do it within an essentially closed but extensible network e.g. friends. Doing it in a universally accessible way though is a bit more of a puzzle.
I exchange GPG encrypted emails with random strangers I've met over the net. It works universally as far as I am concerned. Everyone using GPG seems to know they need to upload their public key to a directory if they want others outside their immediate group to be able to read their emails. And we also understand that the signature proves only that you are communicating with the same person all along until you or a trusted friend verifies the persons identity. It just works.
OK, how about this (not perfect but it may be good enough) Offer a web mail service via HTTP over SSL. All access to the service mus tbe throuh a netwrok of these mail portals. The inter-server communications streams is all encrypted.
And how will you get people to use this webmail service? Switching email addresses/providers/interfaces would seem to be even harder than getting people to switch to using GPG. It's the same problem but has fewer general practical uses.
-- Tracy R Reed http://ultraviolet.org A: Because we read from top to bottom, left to right Q: Why should I start my reply below the quoted text -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
