On 9/6/13 12:54 AM, t.p. wrote:
> ----- Original Message -----
> From: "Phillip Hallam-Baker" <hallam@xxxxxxxxx>
> Cc: "IETF Discussion Mailing List" <ietf@xxxxxxxx>
> Sent: Friday, September 06, 2013 4:56 AM
>
>> The design I think is practical is to eliminate all UI issues by
>> insisting that encryption and decryption are transparent. Any email
>> that can be sent encrypted is sent encrypted.
>
> That sounds like the 'End User Fallacy number one' that I encounter
> all the time in my work. If only everything were encrypted, then we
> would be completely safe.

Actually, I disagree that this fallacy is at play here. I think we need
to separate the concept of end-to-end encryption from authentication
when it comes to UI transparency. We design UIs now where we get in the
user's face about doing encryption if we cannot authenticate the other
side and we need to get over that. In email, we insist that you
authenticate the recipient's certificate before we allow you to install
it and to start encrypting, and prefer to send things in the clear until
that is done. That's silly and is based on the assumption that
encryption isn't worth doing *until* we know it's going to be done
completely safely. We need to separate the trust and guarantees of
safeness (which require *later* out-of-band verification) from the whole
endeavor of getting encryption used in the first place.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478