[Cryptography] PGP-Signed Email

Phillip Hallam-Baker phill at hallambaker.com
Sat Aug 26 10:24:26 EDT 2017 

On Sat, Aug 26, 2017 at 12:12 AM, Jason Richards <jjr2 at gmx.com> wrote:

>
> Phillip Hallam-Baker:
> > ​I disagree with the analysis. Signed email is no more complex if
> > every mail is signed and will be rejected otherwise. At that point,
> > the complexity is reduced because spam is a very different issue.
> >
> > A more precise analysis would be signed SMTP mail is more complex.
>
> I read the analysis as being about the complexity of presenting
> information to the user. Does a signed email mean that it came from the
> sender? It should, however it doesn't.


​The comments were about OpenPGP which is problematic in the extreme when
it comes to the trust model. PGP was pretty good PRIVACY and crap
authentication. And authentication is vastly more important. But that is OK
in a 1990s tech.​

​If a message is signed using S/MIME, we have a fairly good trust chain
that can tell us that a message came from a sender working for Fidelity
Investments or Bank of America. It is not perfect but it is good.

And here is the problem I have with amateur usability analysis, and much
professional for that matter: Usability is nowhere near as difficult as
some people make it out to be, just think.


Take the mental midget that designed the Siri/Apple Maps interface.

"Directions to Home"​
​Would you like directions to home?
"Yes"
Are you really sure
"Yes"
Here are directions to home
<press start>
Directions shown​
<press go>

I might be off by one but it takes at least four interactions to start the
directions and three to stop them.

If that is how bad what is meant to be a user experience professionally
engineered by one of the top usability companies can be, we don't need to
be scared of it.

The real reason that Apple used to be good was that engineers used to know
that if they produced crap, Steve would throw it at them.


​We do not need to be at all worried about giving users information that
has a 1% chance of being wrong. Today those users are 100% sure of the
authenticity of information that anyone can fake.

If we can't achieve the security requirements within the constraints of
SMTP then we need to change SMTP. It is not impossible. tens of millions
have moved to proprietary messaging systems that are secure within a walled
garden. Making an open system that provides the same security enhancements
is not difficult.

Any system that supports public key encryption of async messages has to
solve the problem of distributing public keys. Now if I have Alice's
fingerprint in my contacts directory, we can easily see how we can convert
that to a record with the current public key. And if we have that, we can
also have a note that says Alice also supports JMTP mail which is a
protocol I just made up. ​


​All we need then is a set of mail clients that will transparently switch
from legacy SMTP transport to JMTP when needed.​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170826/a35acc15/attachment.html>

More information about the cryptography mailing list