On 1/1/22 3:57 PM, John C Klensin wrote:
I think that, ultimately, there are two key problems. First, as you and Ted both pointed out, there is "no way to please everybody", which means that these deployments are all optional and certainly not universal.
And _cannot_ be universal. Though they could be widely enough adopted to be useful.
(I'm not really interested in defeatist arguments. I'm much more interested in constructive arguments like "here's one particular problem, how can we solve it or a good part of it?")
Second, if we care about identities and authorization (and not only about encryption), then we either need to make credentials and their management easy enough to convince users they care, to be educated about the issues, and to be willing to put in the effort_or_ the situation turns into a "who do you trust" exercise.
I don't think the latter can actually be solved. There will never be (and never should be) any party who is universally trusted to authenticate everyone's public keys. So the problem should be either considered out-of-scope or perhaps a challenge for user interface design. That's not a happy answer, but the real world never works as cleanly as we'd like. We can't always be absolutely certain about the validity of signatures on paper either, but they're still useful.
As for making credentials management easier, I believe this can be done, but not if people insist on it being perfect. For example, it's difficult to store a private key securely if you also insist that the key be recoverable if the device where it is stored is damaged or lost. There are lots of potential compromises for addressing that problem, but none of them will suit everybody. So each individual might need to make their own choice, and different enterprises will choose different solutions for managing their principals' keys.
The real challenge, I believe, is not to create a perfect email encryption system, but to make the strengths and weaknesses of the system easy for ordinary people to understand.
If there is a magical and painless solution to either of those problems, one that also would scale to a major fraction of the world population or even the Internet user population, it has not been greatly in evidence.
Right, but that's not evidence that it cannot be done. It may instead be evidence that nobody has tried to solve the right problem yet.
(or maybe there are people trying to keep that problem from being solved) Keith
