Post by Theo
Post by Huge
Having been involved in setting up at least two secure email systems for
a large corporate to communicate with its customers, I can assure you
that PGP is *way* too complicated for the average member of the public
to use. Hell, it's too complicated for a lot of IT literate people.
The only way

I should have included the words "end-to-end" here. One of the things we
did at ${MEGABANK} was slowly, over a period of years, enforce mandatory
TLS on all outbound mail (if your recipient couldn't do TLS, your email
bounced back to you with an error message). We had to do it slowly
because you'd be amazed (and horrified) how many institutions couldn't
(or wouldn't) use TLS for email, and how long it took them to fix it. We
had opportunistic TLS incoming as well, and the email system added a
"padlock" icon to the displayed email; closed if it had been sent using
and open otherwise.
It also took a long time because of the user and helpdesk education
required. I spent a lot of time flying round the world presenting about
email security to managers, both IT and business.
We also put in a PGP Universal server, which worked so poorly (for all
kinds of reasons, most of them non-technical) that we took it out again.
I'm still scarred by the whole experience. :o)

Post by Theo
Post by Huge
encrypted email will ever become ubiquitous is if
it is transparent, automatic and the default.

Completely agreed. But the solution should be to fix the UX (maybe by not
using PGP) so that all email is 'secure' (FSVO), rather than individual
companies balkanising into each building their own 'secure message' system
which doesn't talk to anyone else's secure message system.

See above. TLS solves this. But what it doesn't do is provide end-to-end
encryption, which is required in some regulated industries. Oh and you
also need to provide for legal discovery, even if the people have left and
deleted their keys and key recovery for when your users forget their
passphrases. It's a nightmare.

Post by Theo
As well as bad consequences for things like legal action (if I sue my bank,
the bank can make all the correspondence disappear) it has the problem that
I can't initiate a three-way conversation between bank A and bank B about,
say, a missing transfer. In real life it forces people to do silliness like
calling each from two phones and putting speakers to earpieces.
Building decentralised systems is hard - but that's not a reason not to do
it.

True. But it still gives me nightmares.
(Not really. I'm retired. I no longer GAS, except as an end user.)
--
Today is Pungenday, the 6th day of The Aftermath in the YOLD 3183
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
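
A padlock indicator like the one described in the post above can be derived from the Received header stamped by the receiving gateway, read here as "did the message reach us over TLS". This is an added example, not part of the original post or of the system it describes; the gateway hostname, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import re

# Assumption: hostname our inbound gateway stamps into its Received header.
GATEWAY = "mx1.bank.example"
# "with" protocol keywords that mean the hop used TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def _clauses(header):
    """Unfold a Received value and drop (possibly nested) comments."""
    text, prev = " ".join(header.split()), None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def padlock(raw_message, gateway=GATEWAY):
    """'closed' if our gateway took the message over TLS, otherwise 'open'."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the first one stamped by our gateway
    # is genuine; anything below it arrived with the message and is untrusted.
    for header in msg.get_all("Received", []):
        text = _clauses(header)
        by = re.search(r"\bby\s+([^\s;]+)", text, re.I)
        if not by or by.group(1).lower() != gateway.lower():
            continue  # hop recorded by some other host
        proto = re.search(r"\bwith\s+([^\s;]+)", text[by.end():], re.I)
        return "closed" if proto and proto.group(1).upper() in TLS_PROTOCOLS else "open"
    return "open"  # no trusted hop recorded: never show a closed padlock

# Constructed sample messages (not from the original post).
SENT_WITH_TLS = (
    "Received: from mx1.bank.example by store.bank.example with LMTP id 9;\n"
    "\tMon, 1 Jan 2024 10:00:01 +0000\n"
    "Received: from mail.partner.example (mail.partner.example [192.0.2.10])\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tby mx1.bank.example (Postfix) with ESMTPS id 4F1A2;\n"
    "\tMon, 1 Jan 2024 10:00:00 +0000\n"
    "Subject: statement\n\nbody\n")
SENT_IN_CLEAR = (  # the lower header arrived with the message and claims TLS
    "Received: from mail.other.example (mail.other.example [198.51.100.7])\n"
    "\tby mx1.bank.example (Postfix) with ESMTP id 7C3D9;\n"
    "\tMon, 1 Jan 2024 11:00:00 +0000\n"
    "Received: from a.example by mx1.bank.example with ESMTPS id X1;\n"
    "\tMon, 1 Jan 2024 10:59:00 +0000\n"
    "Subject: hello\n\nbody\n")
```

The indicator only describes the last hop into the receiving organisation; it says nothing about earlier hops or about end-to-end encryption.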