[Cryptography] Dark Mail Alliance specs?
Tom Mitchell
mitch at niftyegg.com
Wed Mar 26 21:42:08 EDT 2014
On Sat, Nov 23, 2013 at 12:11 PM, Stephan Neuhaus <
stephan.neuhaus at tik.ee.ethz.ch> wrote:
> On 2013-11-23, 13:30, Ralf Senderek wrote:
> > People are using the internet, they are typing sensitive information
> > into textareas and send them off, and on the other hand
> > "/usr/bin/gpg" is installed on almost every server, why can't we make
> > Johnny Average use it?
>
> That is almost exactly the title of a very old paper from 1999's
> Usenix Security. It's called "Why Johnny Can't Encrypt:
>
....
>
> In my opinion, massive user-controlled email encryption will not happen.
> Not now, and not in the next ten years.
> <http://www.metzdowd.com/mailman/listinfo/cryptography>
>
One baby step in this is for the likes of Google and Yahoo to make
accommodation
in user profiles for a GPG signature key set in their system. Not support
full
message encryption but simple signatures.
This establishes an ethic of universal signed and in the future encrypted
messages.
And more importantly exercises key management awareness from user to
mail provider.
Today Google has a "send&archive" button sitting next to a send button.
A sign&send button would be an easy addition. A setup option could
include
the locality of the key and yes locate in the cloud with a pass phrase
could make
sense.
Yes, Baby steps... for sure I had to step on a previous version of this note
because I stumbled on the user interface.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140326/9baa0f00/attachment.html>
More information about the cryptography
mailing list