10 comments

[ 299 ms ] story [ 389 ms ] thread
I think the end-to-end encryption of email is an important problem, but even more important (IMO) is that email is no longer decentralized by any reasonable standard.

The reason, if I had to guess, is probably primarily because of spam. But these days, with ubiquity of high quality encryption standards in place in most other realms of the web, why not in the validation of email transmission between servers?

Here's an idea. Even if we generally still only have encryption at the protocol level in email, why not incorporate a new header into the email message itself (let's call it signature). Now anyone who deploys their own email server can deploy their public key(s) for email in a TXT record in DNS, and any recipient of email can now (for most practical purposes, without substantial work on the part of the malicious hacker) guarantee that the message was sent by who the sending server says it was sent by.

I think a wide-spread open standard as simple as this could help re-decentralize email while not causing additional fear that spam will again make our lives miserable.

isn't that exactly what DKIM is?

"DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author's organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer's domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature."

https://tools.ietf.org/html/rfc6376

I think this misses two main arguments for increased use of end to end encryption.

1. It reduces the behavioural entropy of people who really need it (journalists, lawyers etc)

2. It makes mass surveillance much harder.

Yes, if the NSA/FBI are after you, they can access your devices directly. But ubiquitous strong encryption is still a Good Thing.

Exactly. Imho, the true nuances of the outrage over NSA collection were never that they could do it. That was assumed. It was that they could and were doing it to (for all intents) everything.

Herd encryption isn't intended to make it impossible for them to gather intelligence. It's intended to make it impossible for them to indiscriminately gather dragnet intelligence.

can someone provide a compelling reason why the SMTP protocol does not have a command to retrieve public key certificate for a given recipient email address? Or a weaker alternative that provides the same cert for all addresses in the domain?
I have to admit, I had to look up JMAP. Seems like it's a bit of a one-off solution, though there are promising benefits that I can immediately see over IMAP.

I think it should be a data driven call - how much call is there for JMAP support, and how much call is there for Encryption? Multiply each by some factor, say, the inverse of an estimated cost to implement, and you should have a rather reliable answer of which is a higher priority.

Perhaps more importantly, don't trust "The overwhelming consensus" when it comes to security - we laymen either don't understand the implications to our society, or feel it's a reasonable tradeoff since they have "nothing to hide". Trust people who specialize in security. Send an email to Schneier, tptacek, and others and see how important they believe it is for the world to have easily accessable end to end encryption for communications.