[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software

John Levine johnl at iecc.com
Mon Oct 6 23:07:14 EDT 2025


It appears that iang via cryptography <iang at iang.org> said:
>And sadly, it turned out that email was practically impossible to secure, in large part because everyone's entitled to it, there is
>no cost, and the momentum of unsecured users was too hard to fight against.

The reason we still put up with email is that it's the only service that is
fully federated, doesn't require introductions, and is asynchronous. For decades
people have been saying mail is obviously not fit for purpose and will be
replaced by X, with the X changing every few years. We're still using mail
because none of the X do the things that mail has been doing for 40 years.

By the way, another WKBI is that if all mail were authenticated (what I'm
guessing is the opposite of what you're calling unsecured) the problems would go
away. These days pretty much all mail is authenticated by DKIM which puts a hard
to forge domain identity on each message, and it's helped some but not that
much. I think it mostly proves that any walled garden large enough to be
interesting is large enough to contain people you don't want to hear from.
For me, the majority of spam that makes it into my inbox is from fully
authenticated users at Gmail, Outlook, or iCloud.

A related WKBI is introduction, only accept mail from a list of known good
senders, and don't put bad senders on your list. Except that introductions don't
scale. It's not hard to imagine a scheme where when you buy something from a
vendor or subscribe to a mailing list, the two parties securely tell each
other the identities they'll be using to send mail to each other so they can add
them to the introduction list. But nobody does that outside of walled gardens
like WhatsApp. Managing identities at scale is really hard.

R's,
John

PS: I am not saying give up and don't try to make mail better, but I am saying
that there are a whole lot of WKBIs that we know have failed before and it's
unlikely that doing them again will be any different.
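To make the distinction between "authenticated" and "wanted" concrete, here is an added Python example; it is not code from John Levine or anyone on the list. It reads the receiving MTA's Authentication-Results header (RFC 8601 syntax), pulls out the DKIM signing domain (header.d), and keeps that identity question separate from the accept decision: a DKIM pass tells you whom to charge a message to, not whether you want it. The sample messages, the introduction list, the domain names and the per-domain spam figures are all constructed for the example.

```python
"""Added example: treat a DKIM pass as an identity, not a verdict.

Reads the receiving MTA's Authentication-Results header (RFC 8601 syntax),
extracts the DKIM signing domain (header.d), then decides separately whether
that identity is one we have been introduced to. Every message, address and
figure below is constructed for the example."""
import email
from email import policy
from email.utils import parseaddr
from typing import Optional

def parse_auth_results(value: str) -> dict:
    """Parse 'authserv-id; method=result prop=val ...; ...' into
    {method: {"result": ..., prop: val, ...}}. Parenthesised comments, which
    RFC 8601 allows, are not handled; the constructed samples contain none."""
    results = {}
    stanzas = [s.strip() for s in value.split(";")][1:]   # [0] is the authserv-id
    for stanza in stanzas:
        if not stanza:
            continue
        tokens = stanza.split()
        method, _, result = tokens[0].partition("=")
        props = {"result": result.lower()}
        for tok in tokens[1:]:
            key, _, val = tok.partition("=")
            if key:
                props[key.lower()] = val
        results[method.lower()] = props
    return results

def dkim_signing_domain(raw_message: str) -> Optional[str]:
    """The d= domain the signature verified against, or None when the MTA did
    not record dkim=pass. In production only the Authentication-Results header
    added by your own MTA may be trusted; upstream copies should be stripped
    at the border, which this example does not do."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    header = msg.get("Authentication-Results")
    if header is None:
        return None
    dkim = parse_auth_results(str(header)).get("dkim")
    if not dkim or dkim["result"] != "pass":
        return None
    return dkim.get("header.d", "").lower() or None

def triage(raw_message: str, introduced: set, spam_share: dict) -> tuple:
    """Return (attributed_domain, disposition, domain_spam_share).

    known-sender   : DKIM pass, the From address is on the introduction list,
                     and it sits in the domain that actually signed
    content-filter : DKIM pass, so we know whom to charge a bad message to,
                     but the identity alone says nothing about whether it is
                     wanted; the domain-level figure shows why
    hold           : no verified identity, nothing to credit or charge
    """
    domain = dkim_signing_domain(raw_message)
    if domain is None:
        return (None, "hold", None)
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    if addr in introduced and addr.rpartition("@")[2] == domain:
        return (domain, "known-sender", spam_share.get(domain, 0.0))
    # Domain granularity is all a DKIM pass gives us; for a large provider the
    # figure is a blend of everyone who holds an account there.
    return (domain, "content-filter", spam_share.get(domain, 0.0))

# Constructed samples (hypothetical domains, not real traffic).
SAMPLES = {
    "unsolicited_from_big_provider": (
        "Authentication-Results: mx.example.net; dkim=pass header.d=gmail.com "
        "header.i=@gmail.com; spf=pass smtp.mailfrom=gmail.com\n"
        "From: Prize Desk <prize.desk.1234@gmail.com>\n"
        "To: me@example.net\nSubject: You have won\n\nClaim now.\n"),
    "introduced_vendor": (
        "Authentication-Results: mx.example.net; dkim=pass header.d=shop.example.org\n"
        "From: Shop Orders <orders@shop.example.org>\n"
        "To: me@example.net\nSubject: Order 42 shipped\n\nTracking inside.\n"),
    "vendor_address_but_other_signer": (
        "Authentication-Results: mx.example.net; dkim=pass header.d=gmail.com\n"
        "From: Shop Orders <orders@shop.example.org>\n"
        "To: me@example.net\nSubject: Order 42 shipped\n\nTracking inside.\n"),
    "unsigned": (
        "Authentication-Results: mx.example.net; dkim=none; "
        "spf=fail smtp.mailfrom=example.com\n"
        "From: Nobody <nobody@example.com>\n"
        "To: me@example.net\nSubject: hi\n\nhi\n"),
}
INTRODUCED = {"orders@shop.example.org"}              # constructed introduction list
SPAM_SHARE = {"gmail.com": 0.40, "shop.example.org": 0.0}   # constructed figures

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", triage(raw, INTRODUCED, SPAM_SHARE))
```

The alignment check in `triage` (the introduced address must live in the domain that signed) is the piece an introduction list needs and that DKIM alone does not give you; without it, any account at a large provider could present an introduced From address and inherit its standing.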

