NPR : E-Mail Encryption Rare in Everyday Use

Ian G iang at systemics.com
Sat Feb 25 13:33:38 EST 2006


Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ian G wrote:
> 
> 
>>To get people to do something they will say "no"
>>to, we have to give them a freebie, and tie it
>>to the unpleasantry.  E.g., in SSH, we get a better
>>telnet, and there is only the encrypted version.
> 
> 
> We could just as well say that "encryption of remote server sessions is
> rare in everyday use". It's just that only geeks even do remote server
> sessions, so they use SSH instead of telnet.
> 
> The thing is that email is in wide use (unlike remote server sessions).

Well!  Within the context of any given application,
we can learn lessons.  Just because SSH is only used
by geeks is meaningless, really, we need to ground
that criticism in something that relates it to other
areas.  The fact is that SSH came in with a solution
and beat the other guy - Telnet secured over SSL.  It
wasn't the crypto that did this, it was the key management,
plain and simple.

Telnet was in widespread use - but was incapable of
making the jump to secure.  Just like email.  So if
the SSH example were illuminating, we would predict
that some completely different *non-compatible* app
would replace email.

Hence, IM/chat, Skype, TLS experiments at Jabber, as
well as the OpenPGP attempts.

There are important lessons to be learnt in the rise of
IM over email.  Email is held back by its standardisation,
chat seems to overcome spam quite nicely.  Email is hard
to get encrypted, but it didn't stop Skype from doing
encrypted IMs "easily."  Phishing is possible over chat,
but has also been relatively easy to address - because
the system owners have incentives and can adjust.

The competition between the IM systems is what is driving
the security forward.  As there is no competition in the
email world, at least at the level of the basic protocol
and standard, there is no way for the security to move
forward.

iang

---------------------------------------------------------------------
The Cryptography Mailing List