[Cryptography] Email is securable within a coterie [was: Email is unsecurable]

[ianG]

On 3/12/13 22:59 PM, StealthMonger wrote:
> ianG <iang at iang.org> writes:
>
>> On 25/11/13 13:07 PM, StealthMonger wrote:
>>> ianG <iang at iang.org> writes:
>>>> But, there are other reasons...
>>>> For example, consider traffic analysis or metadata or mass surveillance...
>>>> Then, look at the design of email...
>>>> Then, webmail...
>>>> Then, the assumptions of email...
>>>> Hence, I've concluded that email is unsecurable.
>
>>> None of these objections apply to mail within a coterie (as most email
>>> is) where the parties agree out of band to suppress non-essential
>>> headers and to properly use anonymizing remailers and message pools.
>
>> I entirely agree that if you put all that in place, it will work.  Mail
>> is theoretically securable.
>
>> What I would question is whether we can agree on how to get to that
>> place (IETF committees, PHB v. Dark Alliance, S/MIME v. PGP, etc etc),
>
> But we're there now!  Have been for over 15 years!  The well-known
> mixmaster remailer network and the Usenet alt.anonymous.messages message
> pool.  No need to wait for IETF or anything.


No, you have to get the support for those tools into popular GUI 
clients.  E.g., Thunderbird.  If you want ordinary people to be 
protected, the GUI clients have to be delivered with the solution 
already installed and enabled.

If you talk to say Mozilla, they say that they follow standards, they 
typically don't do any new / original security work.  It's in the 
manifesto!  (Microsoft will probably say, show us the money!  Google 
will probably say, show us the data ;) )

So you have to then go to IETF and get them to implement a standard. 
E.g., OpenPGP followed this route....

Then you have to go back to Mozilla and convince them to implement, or 
let you implement.  Then you're get mumble mumble plugin mumble.

We're facing realpolitik & economics, not a technical challenge.  Good luck!



iang