Just wanted to address some peculiar thinking in another thread.
If you are an organization , then you are not a person and you are going to need a human somewhere to configure your IT systems. That can be a person you hire or a person who works for a service that you buy in. Either way, it is not going to be you who does the IT because you are not a person, not even if a notoriously corrupt judge tries to persuade you that you are.
I don't see the 'outsourcing' question as useful because when I was in the business of providing outsourced PKI services, I discovered one of the most common reasons for outsourcing was to neuter an overbearing internal IT dept. In fact my first job as an intern at ICI was scraping outputs from the company owned mainframe so that the managers could actually make use of them on their PCs without grovelling to the IT department. That is what the whole mirco-computer revolution was really about.
There is a problem with SMTP email and there is a problem with legacy phone service. Both are well past their sell-by date because they lack access control. The problem isn't the outsourcing, it is the fact that the only thing keeping the systems working at all is an extensive and complex set of heuristics. It is the need for the outsourcing that is the issue, not the outsourcing itself.
The notion that anyone who knows my phone number is authorized to call me any time of the day or night is stupid on a stick. So is the notion anyone who feels like it can clutter up my inbox.
The notion that anyone with scant technical knowledge can impersonate anyone else via telephone or email is more stupid on a bigger stick.
This has been known for well over 20 years now and yet the IETF/ITU approach to fixing these problems remains unchanged: We just have to clap harder and Tinkerbell will live.
There is a way to fix both problems and it is the same way MIME replaced the fax. Once established, communications infrastructures are near impossible to change. Letter post works in essentially the same way as it did when Sir Rowland Hill invented the Penny Post in 1940. The telephone system works the same way it did since Alger Strowger got upset with rivals stealing his business.
The only time things change is when there is a completely new technology. Which there is, it is called WebRTC and once complete it will be very close to being a means of replacing SMTP and the telephone.
All that WebRTC lacks to replace the telephone is a mechanism to place calls. Which not coincidentally, is exactly what I am working on right now.
So there has to be a means by which Alice can click on Bob's contact in her address book and set up a synchronous call with chat and/or voice and/or video modalities. And there has to be multiple means by which Alice can acquire Bob's contact. And these all have to establish end-to-end secure communications. Which means we need some sort of PKI. I have spent most of the past 30 years designing PKIs.
OK, so that is the telephone done, what about SMTP? Well that is just a matter of adding in an asynchronous mode to the call setup. So instead of setting up an interactive WebRTC session, we save the text message, the voice or the video, post it to some collection point and send Bob a note where to pick it up.
Do that, and your replacement for the phone system also replaces SMTP mail. Not immediately but over time.
Provided, that is, the system is open like SMTP and the telephone system. SMTP is not going to be replaced by anyone's walled garden. The system has to be open and Alice has to be able to change her service provider at any time without the old service provider cooperating and without losing all her contacts.
