[Cryptography] Dark Mail Alliance specs?

[Bill Stewart]

At 04:30 AM 11/23/2013, Ralf Senderek wrote:
>> > > But of course you're right about actual current usage, 
>> encrypted email is an
>> > > epic fail on that measure regardless of format/protocol.
>
> > Yes, but it's about time we do something about that. Do we 
> *exactly know why* it is such a failure?

It's about user interfaces and key management.
If you want to send encrypted email to Alice,
you need her keys, so there needs to be a key fetching UI somewhere,
and you need to have your mail system associate Alice's keys with her 
email address,
and have it do something appropriate if you're sending one message to 
multiple recipients,
especially if you have keys for Alice but not Bob, or if a recipient 
is a mailing list,
and if you want to send signed email, you need to have a way to get 
your keys to the recipient,
and ideally you'd like to have a way to validate those keys, though 
even first-use is a start.
If you do build a key management system, it needs to be able to feed 
into the email

James Donald's Crypto Kong did an interesting job of unintrusive key handling;
using ECC meant that the key was short enough to fit in a couple 
lines of base64 text.

At $DAYJOB, we're using the Voltage Secure Mail plugin for Outlook,
which provides a Send Secure button in addition to the regular Send button,
integrates with the Exchange system's Global Address List,
and lets recipients who don't use it fetch messages from an https URL.
And almost nobody uses it either :-)

You also need to do something appropriate for webmail systems.