[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software

[iang]

On 06/10/2025 03:46, Henry Baker wrote:

> Apple has positioned themselves as such a protector, but they haven't been doing such a great job when it comes to email programs.

We should recall that email was designed (or emerged) in the terribly benign world of the 70s Internet. In those days it was all hop-to-hop and everyone was part of a university or similar somewhere in a close & documented graph. Anyone remember UUCP email addressing?

Security wasn't built in to the Internet, nor email, it was left as a later step. This was maybe considered reasonable as ISO's 7 layer model said it could be slotted into layer 5 if & when.

And sadly, it turned out that email was practically impossible to secure, in large part because everyone's entitled to it, there is no cost, and the momentum of unsecured users was too hard to fight against. Oh well. So let's sacrifice the beast and move on to better things - which is what the world has done. Now most or all comms that need security are done another way.

iang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20251006/48b3d04e/attachment.htm>