[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software

Henry Baker hbaker1 at pipeline.com
Mon Oct 6 20:03:31 EDT 2025 

-----Original Message-----
From: iang <iang at iang.org>
Sent: Oct 6, 2025 2:42 PM
To: <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software


On 06/10/2025 03:46, Henry Baker wrote: 
Apple has positioned themselves as such a protector, but they haven't been doing such a great job when it comes to email programs.
We should recall that email was designed (or emerged) in the terribly benign world of the 70s Internet. In those days it was all hop-to-hop and everyone was part of a university or similar somewhere in a close & documented graph. Anyone remember UUCP email addressing?
Security wasn't built in to the Internet, nor email, it was left as a later step. This was maybe considered reasonable as ISO's 7 layer model said it could be slotted into layer 5 if & when.
And sadly, it turned out that email was practically impossible to secure, in large part because everyone's entitled to it, there is no cost, and the momentum of unsecured users was too hard to fight against. Oh well. So let's sacrifice the beast and move on to better things - which is what the world has done. Now most or all comms that need security are done another way.
iang


So the best is the enemy of the good.

We don't ask for perfect security on our public roads, but we do appreciate improvements in security.

The change I ask for is pretty trivial -- could be done in 15 minutes by the right person -- probably
which change has *already* been done (perhaps more than once), and which change was subsequently rejected
by someone higher up who was offended by the ugliness of standard email addresses.

I'm often offended by the ugliness of some public road warning signs, too, but I appreciate them
nonetheless.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20251007/70e03208/attachment.htm>

More information about the cryptography mailing list