[Cryptography] (no subject)

Kevin W. Wall kevin.w.wall at gmail.com
Sun Nov 24 16:43:03 EST 2013


On Sat, Nov 23, 2013 at 5:58 PM, Stephan Neuhaus
<stephan.neuhaus at tik.ee.ethz.ch> wrote:
> On 2013-11-23, 21:45, Ralf Senderek wrote:
>> I doubt all three assumptions.
>
> Fair enough. I have just put an entry in my calendar for November 30,
> 2023, to check if email encryption is now widespread.  I'll let you know.

I would contend that the failure of widespread encrypted email may not be
as a result of the veracity of any of these 3 assumptions, but rather
we could fail to see the widespread use of encrypted email for several
other reasons, such as:
1) The _general_ public just doesn't seem to care. Most of my non-technical
    friends do not seem all that upset that (for example) the NSA can
    read anyone's email for any reason without a court order. Unfortunately,
    their normal reaction is still one of "I have nothing to hide" rather
    than "this is a violation of my constitutional rights" (for US citizens).
    If this attitude persists, the general public will see no need for
    increased email encryption and likely will not even accept it unless it
    is completely transparent to them. (And that transparency is not only
    from a UI perspective, but also from a troubleshooting perspective when
    things go wrong.)
2) Since a significant portion of email communications originate from email
    within corporations, those very same companies will likely continue (or
    even increase) their resistance to their employees sending encrypted mail
    from within their companies. For example, a significant number of companies
    already prohibit sending out PGP or S/MIME encrypted emails from their
    corporate email gateways because of DLP concerns. Some prohibit it
    entirely and some allow it only between certain originating parties
    and recipients.  Other companies are going beyond that and either disallow
    web-based mail services or claim their rights to man-in-the-middle them
    based on company policy and (implied) employee consent.
3) There is not going to be a wholesale switch to some new email protocol, MUAs,
    or MTAs, so whatever replaces these things will have to be able to support
    non-encrypted email as well. Furthermore, it very well may be several
    decades until all older MUAs and MTAs that do not support encryption (or
    that can only support it from additional plug-ins) can be completely
    replaced with those that do. I also believe that standing up new MUAs,
    MTAs, and email protocols to replace the existing ones will never work
    because it is unlikely that they will ever gain critical mass toward
    widespread adoption that way. Therefore, I think that we are stuck living
    in our sand castles until we can buttress it with heavy crypto.

So, in a nutshell, I don't think that email encryption will be widespread in the
future either, but for reasons other than what originally was hypothesized.
Besides, the granny argument isn't sound for one reason alone. If these
concepts were important enough to people, eventually they would be taught
in schools (or else somehow be made completely transparent) so long in the
future it would no longer be true for sufficiently large numbers of grannies. (The
human race will learn whatever it needs to survive and communicate even
if it is something complex.)

Regards,
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

