[Cryptography] PGP-Signed Email

[Jason Richards]

Phillip Hallam-Baker:
> Jason Richards:
>> Phillip Hallam-Baker:
>>> ​I disagree with the analysis. Signed email is no more complex if
>>> every mail is signed and will be rejected otherwise. At that
>>> point, the complexity is reduced because spam is a very different
>>> issue.
>>>
>>> A more precise analysis would be signed SMTP mail is more complex.
>>
>> I read the analysis as being about the complexity of presenting
>> information to the user. Does a signed email mean that it came from
>> the sender? It should, however it doesn't.

[ Snip a bunch of commentary that I don't quite agree with, however ...]

> ​All we need then is a set of mail clients that will transparently
> switch from legacy SMTP transport to JMTP when needed.​

This is indeed where I think we need to go. I know many people who do
this manually now, e.g. "let's discuss this via Signal or Wickr rather
than via corporate email". Making this automatic in a fashion similar
to cipher suite and protocol negotiation would be a large step forward.

I do see some complexity in customisation, e.g. how a user or an
enterprise specifies which services they support and in which order or
preference, however this would be a much better problem to solve than
the problem of better securing email.

J