On Fri, Apr 29, 2022 at 11:20 PM John R Levine <johnl@xxxxxxxxx> wrote:
>> It will certainly be an unpopular thing to say but I will say it: Protocols
>> wear out over time.
> In principle I wouldn't disagree, but in practice I don't see how we
> migrate from SMTP to SMTP++ or whatever.
The devil is in the deployment. That is why I have always had a deployment plan and designed for deployment.
First: The Web succeeded, every other network hypertext scheme failed. Tim Berners-Lee knew what he was doing, he calculated his moves. I watched him and I am copying the same approach.
At this point, I have running code:
It is not a replacement for SMTP at this point. It does contain a messaging system but that is limited to messages of 32 KB. It does not compete with SMTP or even SMTP+S/MIME. It is a secure messaging layer for supporting asynchronous workflow interactions. That is something which has value in the enterprise as a basis for automating clerical processes.
One big failure in the IETF way of doing things is to limit the scope so the deliverable doesn't come close to being a minimum viable product. Another is that discussion of the UI is out of scope. Both doom efforts to fail.
The Mesh is not a vast amount of code, in fact the code base has shrunk considerably over the past three years. But the functionality is now comprehensive. Mesh users currently get:
* An end-to-end secure password vault.
* A contacts directory that automatically updates.
* A means to secure data at rest and easily share it with their co-workers.
* Management of keys and credentials over all their user and IoT devices.
* End-to-end secure sharing of bookmarks, network configs, application credentials across devices.
* Provisioning of OpenPGP and S/MIME keys.
* A 2FA replacement that is better than anything on the market today.
I am currently working on adding:
* The ability to create life-long callsigns that do not expire and do not require 'rent'.
* An end-to-end secure messaging client with text, voice and video modalities.
* A GUI management tool to replace the linemode.
* A Web browser that has the bookmark and password management integrated.
My profound gratitude to the folk at Microsoft whose .NET7, MAUI and WebView2 platforms enable me to produce demoware that is close to production quality in a remarkably short space of time. The first iteration of the Web Browser took less than a day and the skeleton was up in under an hour.
The big difference between my work and others in the industry is that I have no shareholders. I am not building a walled garden designed to acquire a group of users and bind them to my service. Mesh accounts are fully portable. There are no switching costs. If Alice decides she is fed up with service from Mathmesh.com, she can move to a rival and take all her data with her. The contact details and forwarding addresses all update automatically.
> You know as well as anyone that for decades people have been saying e-mail
> is dead, everyone uses X instead, but the X keeps changing and e-mail is
> still around.
And here is how I plan to unthrone SMTP.
First get people to make use of my contacts book to exchange signed context assertions which can include the credentials required to establish end-to-end secure communications by means of any messaging, chat, mail, etc. protocol. So your Skype, Signal, WhatsApp, SMTP, OpenPGP, SSH, S/MIME, etc. contact info can all be presented in a contact.
[NB, this email is going to be too long as it is without folk quibbling about whatifs. Yes Alice can create separate contacts so she only exposes her email address and phone number to a select number of important contacts.]
Alice and Bob can exchange contact information in various ways. They can do so directly if they meet in person and bump phones. There used to be a wonderful app for that until Yahoo bought it up and shuttered it. Yes, iPhones can bump to iPhones via airdrop but that is a walled garden.
Alternatively Alice can put a QR code on her business card and Bob can scan it. Alice can send Bob an email with a link.
Support for cases where Alice and Bob interact directly is relatively straightforward. But for cases where there is an employer, I need PKIX-style capabilities. And for cases where Bob is going to get Alice's contact information from Carol, I need a really short, really easy-to-use identifier with the absolute minimum of clutter. Which is where my callsign registry comes in. This allows Carol to tell Bob to contact @alice.
So at this point, if everyone is using my contacts book, the conditions have been created that make the emergence of SMTP+ inevitable. Because Alice's contact details will contain both her RFC822 SMTP address and the contact details for email+.
The way I see email+ initially getting traction is within enterprises. 80% of the employees in most large enterprises have little or no email interaction with external users in an enterprise setting. So having one email protocol for internal emails and a separate protocol for external communications is entirely practical. In fact this is already the case with Outlook and Exchange. Adding an extra protocol handler to Outlook and Thunderbird is actually pretty straightforward.
Once the switching costs for deploying a new email protocol are addressed, the only thing we need to add is some advantage for the new scheme. This is really not a problem. Mesh Messaging is limited to 32KB but messages can contain a link to an attachment of any size. So while I don't have code yet, I know what advantages Mesh Mail can provide:
* Every mail is signed, no spam impersonating the CEO
* Every mail is end-to-end encrypted
* Every mail is subject to access control, no spam from unauthorized parties
* Mail messages can be of any size because large messages are pulled, not pushed.
* Mail messages integrate into workflow.
If this type of open mail messaging scheme gains ground inside enterprises, it will start being used between enterprises as well.
Seems worth a shot.
PHB