
Re: Security for various IETF services

2014-04-09 11:37:46
On Wed, Apr 9, 2014 at 11:49 AM, Noel Chiappa 
<jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu> wrote:
> > From: Phillip Hallam-Baker <hallam(_at_)gmail(_dot_)com>
>
> > a security standard must have no impact at all or it won't be used.
>
> While I agree with the conclusion part ("or .. used"), isn't the first part
> sort of internally contradictory? Adding security almost always has some
> cost, in that people have to set up the security, etc. (I'm thinking in very
> broad terms here - e.g. one has to lock one's car/house, enter a security code
> to use an ATM card, etc, etc.) OK, so HTTPS has basically zero impact on the
> average user - is the same level of user inattention really possible with
> email security?

What I currently have is a prototype that makes sending the email
completely transparent except in the case where I either want to only
send the mail if it can be sent encrypted or only if it can be sent
encrypted under particular security guarantees.

That bit is almost complete, I just need to finish one little bit and
it's good to go. It works with the mail client you have right now
without any plug in or extension. The outbound mail is redirected
through a proxy which does all the necessary.


The second part is the configuration model. Right now the situation is
that configuration is a one time operation. But it is far from
painless because I am using the legacy clients and the configuration
model is, well, stupid. It requires a lot of user intervention and
understanding.

I have a plan that will make that part easier than configuring a mail
client today. I can't make configuring crypto a zero effort operation
but I can make sure you only need to do it once per device (i.e.
subsequent updates are completely automatic). And I can make the joint
task of configuring the crypto and the mail account settings easier
than one or the other alone.

This is the part that I am coding now. It does have impact on the use
piece however since one of the ways I am simplifying the approach is
to have as much consistency as possible. Rather than deal with a
single key or dual keys for encryption and signature I require
everyone have dual keys. This makes it much easier to do recovery from
user blunders or machine failures.


-- 
Website: http://hallambaker.com/
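The send-side decision the message describes (transparent by default, but able to hold a mail that cannot go out encrypted, or cannot go out under a strong enough key binding) is small enough to write down. The sketch below is an added illustration, not the author's prototype or any IETF code: the `Assurance` levels, the `Policy` names, the `decide`/`gate_message` functions and the recipient directory are all constructed assumptions. It also models the dual-key requirement from the last paragraph by keeping separate encryption and signing keys per recipient.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class Assurance(IntEnum):
    """How strongly a discovered encryption key is bound to the address (assumed levels)."""
    NONE = 0           # no key known at all
    OPPORTUNISTIC = 1  # key found, but not authenticated (leap of faith)
    VERIFIED = 2       # key bound to the address by a trusted path


@dataclass(frozen=True)
class RecipientKeys:
    # Two keys per party, as the message requires of everyone: the encryption
    # key's private half can be escrowed so stored mail survives a lost device,
    # while the signing key is never escrowed and is simply replaced if lost.
    encryption_key: Optional[str]
    signing_key: Optional[str]
    assurance: Assurance = Assurance.NONE


# Constructed sample directory standing in for whatever the proxy would look up.
DIRECTORY: Dict[str, RecipientKeys] = {
    "alice@example.test": RecipientKeys("enc-key-alice", "sig-key-alice", Assurance.VERIFIED),
    "bob@example.test": RecipientKeys("enc-key-bob", "sig-key-bob", Assurance.OPPORTUNISTIC),
    # carol has published a signing key only: mail to her cannot be encrypted
    "carol@example.test": RecipientKeys(None, "sig-key-carol", Assurance.VERIFIED),
}

UNKNOWN = RecipientKeys(None, None, Assurance.NONE)


class Policy(IntEnum):
    """Per-message sender intent, least to most strict (assumed names)."""
    BEST_EFFORT = 0         # encrypt when possible, otherwise send in clear (the transparent default)
    REQUIRE_ENCRYPTION = 1  # never send in clear; hold the message instead
    REQUIRE_VERIFIED = 2    # only encrypt under a key bound by a trusted path


def decide(recipient: str, policy: Policy) -> str:
    """Return 'encrypted', 'plaintext' or 'hold' for one recipient."""
    keys = DIRECTORY.get(recipient, UNKNOWN)
    if keys.encryption_key is None:
        return "plaintext" if policy == Policy.BEST_EFFORT else "hold"
    if policy == Policy.REQUIRE_VERIFIED and keys.assurance < Assurance.VERIFIED:
        return "hold"
    return "encrypted"


def gate_message(recipients: List[str], policy: Policy) -> Dict[str, object]:
    """Apply the policy to every recipient of one message.

    A single held recipient holds the whole message: under a strict policy the
    proxy must not leak the content in clear to some recipients while the
    sender waits for the others' keys.
    """
    per_recipient = {r: decide(r, policy) for r in recipients}
    action = "hold" if "hold" in per_recipient.values() else "send"
    return {"action": action, "recipients": per_recipient}


if __name__ == "__main__":
    everyone = list(DIRECTORY) + ["nokey@example.test"]
    for policy in Policy:
        print(policy.name, gate_message(everyone, policy))
```

The point the split of `BEST_EFFORT` from the two `REQUIRE_*` levels makes is the one the message argues: the default path costs the user nothing, and the only time the user notices the proxy is when they have asked for a guarantee the recipient cannot meet.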