Failure of PKI in messaging

Leichter, Jerry leichter_jerrold at
Thu Feb 15 10:10:21 EST 2007

| >Banks [use] a web interface, after the user logs in to their account.
| >So, what's missing in the email PKI model is two-sidedness.
| >Fairness.
| Not really.  What's missing is, if you'll pardon the phrase, a central
| point of failure.
| If you can persuade everyone to use a single system, it's not hard to
| make communication adequately secure.  Look at Hushmail; if you
| believe that their internal processes are OK, you can set up an
| account and communicate quite securely with other Hushmail users on
| their web site, or for the more nerdy, you can use SSL IMAP and PGP to
| communicate with their central site.  It's been limping along since
| 1999, I don't know anyone who uses it which says something about its
| actual utility.
| But that's not e-mail.  The great thing about Internet e-mail is that
| vast numbers of different mail systems that do not know or trust each
| other can communicate without prearrangement.  And of couse the awful
| thing about Internet e-mail is the same thing.  It's hard to see any
| successful e-mail system in the future, secure or otherwise, that
| doesn't do that, since Internet mail killed all of the closed systems
| that preceded it.
On the other hand, the push/pull combination of spam and IM/SMS are well
on their way to killing Internet mail.  Spam being what it is, the
notion that "anyone can send mail to anyone" is naive.  Unsolicited mail
stands a good chance of ending up tossed by a spam filter.  The volume
of spam is so high that few people even bother to review the stuff
caught, if their mail provider even provides a mechanism to do that.

Meanwhile, the next generation of users is growing up on the immediacy
of IM and text messaging.  Mail is ... so 20th century.

I think the whole notion of decentralizing *everything* has turned out
to be a trap.  Yes, it makes for great cryptography and system design to
find ways to do without a trusted third party.  But the resulting
systems just don't fit the way people think and work.  Trust has
*always* been based on personal contact, extended to organizations that
work hard to have a "human face" on the one hand, and to various
human-scale, humanly-transparent ways of reifying and rendering portable
the smile and the handshake, from letters of credit to various business
rating organizations (D&B, BBB), and so on.  Replacing that with some
abstract cryptographic system that no one understands, no one can see or
touch - and that ultimately can only be perceived as trustworthy if it
comes from trustworthy institutions anyway - is just a non-starter.

With this shaky base, it should perhaps not come as a surprise that
after all these years of trying, we haven't managed to come up with
human interfaces to these systems that actually allow them to work
effectively in the human world.

Meanwhile, in real terms, it would be interesting to know what
percentage of Email these days flows *between* organizations, and what
percentage remains within individual organization's Exchange servers.
With all the rules already enforced by typical Exchange-using
organizations - not to mention all the new rules being added as
first "compliance" and now "evidence retention and destruction" regs
and the upcoming "information leakage management", more and more
Email systems are taking on the characteristics of the old closed
systems, with only a thin, closely watched pipe connecting them out
to the Internet.
							-- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list