Talk:Email

From OLPC
Revision as of 00:06, 22 February 2007 by AlbertCahalan (talk | contribs) (Security issues)

Security issues

Using OpenPGP would have been a reasonable choice in 1995; at this point, though, it is not the mainstream email security solution. Every major email package in widespread use supports S/MIME as an integrated function. OpenPGP is only supported as a plug-in.

More fundamentally, though, PGP and S/MIME have both failed to attract the level of use that they should. The proportion of email that is secured with either is negligible. Less than 1% of email users are aware that they exist, and less than 1% of users are regular users.

I would strongly suggest that you look at domain-level security solutions as the primary security scheme. End-to-end security would be nice, but the current generation of user interfaces simply don't cut it. More email is authenticated using DKIM than S/MIME and PGP combined, and more email is secured using SSL at the SMTP, POP3 and IMAP levels than both combined. Managing per-user keys is a lot of complexity for not very much return.

The primary objective should be for email to be sent secure by default without any user intervention. The first priority should be to encourage use of security. The perfect 'end-to-end' crypto system has proved to be much less useful and much less secure than the good domain-based model.

The other advantage to this approach is that you are much more likely to get the laptops accepted by the more repressive governments with built-in hop-by-hop security than with end-to-end. Remember that the objective here is to spread knowledge and learning, not cypherpunk-style crypto-anarchy. An educated, informed population is much more of a threat to despotism than a few copies of PGP.

Although SSL for e-commerce requires a CA-issued certificate, there is no reason that a self-signed certificate could not be used. If you need to further authenticate the certificate, work from a trust anchor embedded in the DNS. --Hallambaker 23:10, 3 August 2006 (EDT)

It needs to be fully automatic, like ssh. By default, sign outgoing emails. Place the public key in the headers. As incoming emails arrive with public keys in the headers, store them for later. Incoming emails are considered good if a previously saved public key identifies the sender or if there is no previously saved public key. The other case, when there is a previously saved key and the email doesn't validate, causes the email's sender to get shown with a big question mark or similar (according to locale; a question mark is correct for many Western languages). AlbertCahalan 23:06, 21 February 2007 (EST)
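The ssh-style scheme sketched in the post above, worked through as an added example (this is illustration code written for this page, not code from OLPC or from the post's author). It assumes two custom headers, here called `X-Sig-Key` and `X-Signature`, carrying a base64 Ed25519 public key and a signature over the body; those header names, the use of Ed25519, and the sample addresses are assumptions for the example. The three cases of the proposal map onto three verdicts: no saved key (accept and pin), saved key and valid signature (good), and saved key but the message does not validate (the question mark). The one detail worth seeing in code is that once a key is pinned, verification uses the pinned key and ignores the key in the incoming headers, since otherwise an impostor could simply ship a key of their own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Verdict is what the client shows beside the sender of an incoming message.
type Verdict int

const (
	FirstSeen Verdict = iota // no key on file for this sender: accept, and pin whatever key arrived
	Good                     // key on file and the signature verifies against it
	Suspect                  // key on file but the message does not validate: show the question mark
)

func (v Verdict) String() string {
	return [...]string{"first-seen", "good", "suspect (?)"}[v]
}

// Message stands in for an email carrying the two extra headers this example assumes.
type Message struct {
	From      string
	Body      string
	SigKey    string // "X-Sig-Key" (assumed header name): base64 Ed25519 public key of the sender
	Signature string // "X-Signature" (assumed header name): base64 Ed25519 signature over Body
}

// KeyStore remembers the first public key seen for each sender, like ~/.ssh/known_hosts.
type KeyStore map[string]ed25519.PublicKey

// GenerateKey makes a fresh sender key pair; a real client would do this once at first run.
func GenerateKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// Send signs the body and attaches both the signature and the sender's public key.
func Send(from, body string, priv ed25519.PrivateKey) Message {
	pub := priv.Public().(ed25519.PublicKey)
	return Message{
		From:      from,
		Body:      body,
		SigKey:    base64.StdEncoding.EncodeToString(pub),
		Signature: base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(body))),
	}
}

// Receive applies the trust-on-first-use rule and returns the verdict to display.
func (ks KeyStore) Receive(m Message) Verdict {
	pinned, known := ks[m.From]
	if !known {
		// No saved key: the message is accepted as-is. If it carried a usable key,
		// pin it so that later messages from this address must verify against it.
		pub, err := base64.StdEncoding.DecodeString(m.SigKey)
		if err == nil && len(pub) == ed25519.PublicKeySize {
			ks[m.From] = ed25519.PublicKey(pub)
		}
		return FirstSeen
	}
	// A saved key exists: verify against the PINNED key, never against the key
	// in the headers. A missing, malformed or non-matching signature all count
	// as "does not validate".
	sig, err := base64.StdEncoding.DecodeString(m.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize || !ed25519.Verify(pinned, []byte(m.Body), sig) {
		return Suspect
	}
	return Good
}

func main() {
	store := KeyStore{}
	alice := GenerateKey()    // constructed sample identity
	impostor := GenerateKey() // a second key pretending to be alice

	fmt.Println(store.Receive(Send("alice@example.org", "hello", alice)))           // first-seen
	fmt.Println(store.Receive(Send("alice@example.org", "second note", alice)))     // good
	fmt.Println(store.Receive(Send("alice@example.org", "send money", impostor)))   // suspect (?)
	fmt.Println(store.Receive(Message{From: "bob@example.org", Body: "unsigned"})) // first-seen
}
```

Note what the scheme does and does not give you: the first message from an address is trusted blindly, exactly as ssh trusts a host key the first time, so the guarantee is continuity of identity after that first contact, not proof of who the sender is. An unsigned message from an unknown sender is shown as good and pins nothing, so that address stays open to be claimed by the first key that does arrive.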