On 10/09/2013 08:39, Steve Crocker wrote:
> Yes, I am speaking of what would be possible today with a fresh start. The fresh start would also include signatures and encryption as a required part of the design. (If everyone has to have a key, the key management problems would be greatly reduced.)
Indeed. How one achieves such a fresh start is unclear.
(Excuse my ignorance, but do existing MUAs allow one to edit a body part
that arrived with a PGP signature?)
Brian
> Steve
>
> On Sep 9, 2013, at 4:36 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
>
>> On 9/9/2013 1:27 PM, Steve Crocker wrote:
>>> Actually, I interpret the chemistry professor's comment in a
>>> different light. It would be possible to design a system where:
>>>
>>> o the standard end user software doesn't facilitate editing the other
>>> person's text, and
>>>
>>> o each piece of text is signed.
>>>
>>> The result would be a system where a recipient would know whether the
>>> person who is alleged to have written a piece of the message actually
>>> did so, and the normal mode of use would be to leave things
>>> untouched. Or, if you edit someone else's text, it immediately
>>> becomes your text.
>>
>> The professor's comment was on function, not method. My comment was on
>> the limitations to methods available at the time.
>>
>> In a controlled environment, with good resources, quite a bit is
>> possible. Indeed, server-based "department-level" email products in the
>> 1980s did enforce such restrictions. The single-administration servers
>> had complete control over the message.
>>
>> Distribution with independent administrative authorities makes this a
>> very different game. Enforcement by fiat is impossible.
>>
>> That's where signing comes in, of course. Modify the content and the
>> signature fails. Besides the computational overhead -- which was
>> relatively onerous back when the infrastructure was being established --
>> this requires that the receiver know and demand that the signature be
>> present; this requirement has its own adoption barriers.
>>
>> Starting with a blank sheet and today's technologies, the requirement is
>> possibly feasible to satisfy -- if we ignore the continuing human
>> factors barriers to large scale email authentication. However given the
>> resources at the time the operational service was developed, I think it
>> wasn't.
>>
>>
>> d/
>> --
>> Dave Crocker
>> Brandenburg InternetWorking
>> bbiw.net
>
>