[cryptography] [Cryptography] Email is unsecurable

grarpamp grarpamp at gmail.com
Mon Nov 25 13:15:21 EST 2013


On Mon, Nov 25, 2013 at 1:01 AM, ianG <iang at iang.org> wrote:
> On 23/11/13 15:30 PM, Ralf Senderek wrote:
>> On Sat, 23 Nov 2013, David Mercer wrote:
>>
>>> But of course you're right about actual current usage, encrypted email
>>> is an
>>> epic fail on that measure regardless of format/protocol.
>>
>> Yes, but it's about time we do something about that. Do we *exactly know
>> why* it is such a failure?
>
> It's an interesting question, and one worth studying for pedagogical
> motives.  From my experiences from both sides, it is clear that both sides
> failed.  But for different reasons.
> Hence, I've concluded that email is unsecurable.

Obviously. It will never be able to escape the non-body
header content and third party routing, storage and analysis with
any form of patching over today's mail. And it's completely
ridiculous that people continue to invest [aka: waste] effort in
'securing' it. The best you'll ever get clients down to is exposing
a single 'To:' header within an antique transport model that
forces you to authenticate to it in order to despam, bill, censor
and control you.

That system is cooked, done and properly fucked. Abandon it.
What the world needs now is a real peer to peer messaging
system that scales. Take Tor for a partial example... so long
as all the sender/recipient nodes [onions] are up, any message
you send will get through, encrypted, in real time. If a recipient
is not up, you queue it locally till they are... no third party ever
needed, and you get lossless delivery and confirmation for free.
Unmemorable node address?, quit crying and make use of your
local address book. Doesn't have plugins for current clients?,
so what, write some and use it if you're dumb enough to mix
the old and new mail.

The only real problem that still needs solved is scalability...
what p2p node lookup systems are out there that will handle
a messaging world's population worth of nodes [billions] and
their keys and tertiary data? If you can do that, you should
be able to get some anon transport over the p2p for free.

Anyway, p2p messaging and anonymous transports have
all been dreamed up by others before. But now is the
time to actually abandon traditional email and just do it.
If you build it, they will come.


More information about the cryptography mailing list