jwz -
Netscape 4.0 was not my fault. During that dark period, I worked with Lisa Repka on S/MIME, Netscape's implementation of the then-new standard for cryptographically secure email. At the time, I was very glad that we managed to ship this before the U.S. Government had gotten around to making it illegal for us to do so. (And yet, all these years later and still nobody ever encrypts their email...)
This makes me wonder, why don't mainstream email clients (Apple Mail, Thunderbird) encrypt our mails by default?
Answer
Because it's not trivial for users.
E.g. I have a lot of different work places with different clients (gmail web interface, thunderbird on my notebook, kmail on home desktop, gmail on android device), and this is not uncommon even for non-technical persons. And I have a lot of questions and have to pay a lot of attention for my private/public keys (if I want to encrypt e-mail):
- How do I sync my private keys between them?
- How do I invalidate compromised key?
- How do I ensure that everyone I'm sending email to have my public key?
- How do I remove my keys from lost/stolen phone?
And so on. There is no simple solutions for this problems, and I can't imaging simple, reliable and compatible with standarts solution even theoretically.
No comments:
Post a Comment