On Sat, Apr 15, 2023 at 12:48 PM John Levine <johnl@xxxxxxxxx> wrote:
It appears that Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> said:
>My proposal is completely decentralized in every respect except one: Alice
>has absolute control over the set of people who can communicate with Alice.
I believe it will work technically, but I don't see why it would be useful.
Mail systems have for a very long time let you only accept mail from
people in your address book, but hardly anyone does that. We have
decades of experince that tells us that the introduction problem is no
easier than the spam problem, and equally that a key reason people
keep using email is that you can communicate without prearrangement.
What makes this time different?
Mail systems are a PITA because every additional feature people try to add is a hack, a kludge with a low probability of working. Email callback loop schemes like Bornstein's don't work because the control channel and data channel are the same and the client has no idea that there are additional semantics associated with messages and so the user is left to remember to do the right thing.
Lacking an authentication layer means that anyone can bypass the controls by impersonating people likely to be in other people's email inboxes. Which is a big reason these schemes died out after they became popular enough to attack.
Being limited to email is another big issue, why should the accounts I use for email, chat, voice, video be entirely separate? Why should they be controlled by my employer or my big tech overlord? Why can't I have one account that I can use lifelong for all of these?
The big problem with callback schemes was that everyone has to connect pairwise to everyone else. To first order, the fact someone has attended an IETF in person is enough to accept email messages from them with a low probability that these are going to be 419 scams or the other criminal solicitations making up 99% of all spam these days.
Traditional friend of a friend schemes fail because they assume everyone in my contacts list is someone I endorse to third parties. Which is nuts. People have been cloning Facebook accounts for ages to bypass these controls.
What this comes down to is having to actually think through the whole system and not design based on past experience and extrapolating out to future returns. The minute investors in mortgage backed securities started to rely on the fact banks only lent to people likely to repay and bought up the loans, the banks had a new incentive to lend to anyone at all and not even bother to check there was a house at all.
The end point I am aiming for is this, people use Everything as an open interoperable service federated infrastructure for E2E secure voice, chat, video, file exchange and mail. They also have their SMTP mail and POTS telephone but these get used less and less as do the non-open interoperable service communications apps.
Businesses will move to Everything because it will be the way to contact customers directly, doctors can share patient confidential data, banks transaction data, etc. etc. without the tedious multiple pass kludges needed today. Instead of annoying the heck out of customers with a telephone service tree that insults them and wastes their time, provide them with a system in which all modalities are seamlessly integrated and the user is always automatically authenticated.
Over time, the legacy systems will wither away the same way that fax has. It won't be quick but it will happen. Why am I going to send SMTP mail to a person who has Everything? The client is going to always pick E2E transport by default and that is going to mean Everything in most cases (no OpenPGP and S/MIME are not going away, mail is only one thing they are used for and probably one of the least important).
Ultimately, an open interoperable service has to win because every walled garden keeps users out as well as in. They are self limiting. The only real question here is whether the open interoperable service that replaces them is mine or someone else's. Given that I seem to be the only person who has built a PKI/TKI with the features necessary to support that, I think I have a chance here.
What I do know is that nobody ever succeeded without making an attempt.
