15 May 2012 05:36
Re: email at scale
Dave Crocker <dhc2 <at> dcrocker.net>
2012-05-15 03:36:44 GMT
2012-05-15 03:36:44 GMT
On 5/14/2012 3:59 PM, paul vixie wrote: > On 5/14/2012 1:24 PM, Dave Crocker wrote: >> On 5/14/2012 12:43 AM, paul vixie wrote: >>> the people who are willing to put that much effort into their e-mail >>> communications are few and far between. we can build for utility at >>> scale, or privacy and authenticity at scale, but not both. >> >> I think we do not have an existence proof for privacy and authenticity >> at scale. > > i would have said that your messaging work at compuserve qualified as > such, dave. in fact that was one of the visions in my head when spoke > the words, 'walled garden'. 1. I never worked at compuserve, but I'll guess you meant MCI. 2. MCI Mail had no interested distributed security technologies that are relevant here, that I can think of. Please note that I'm imposing a particular meaning for "scale" that has has less to do with number of users than with number of independent administration and lack of central control (except perhaps a central control for a registration hierarchy.) >> A common view is that good security cannot be easy to use. It might >> even be true. > > i know that incompatibility, i just think in the other direction. > anything that's easy for a human to use will also be easy for all of the > malware infesting that human's devices to use. There's an inherent and even obvious logic to that view. And I can't provide anything like an adequate contrary proof. But I believe it isn't true. I'm pretty sure I mean that as an engineering, rather than religious, belief. There's probably also some adjustment to the definition of 'security', and no, I can provide details for that either. (and thus, neither secure > nor securable). something that's easy for way-way-way-smarter humans > (for example, my kids and their friends) is likely to borderline > unusable by me (and maybe even by dave). the tension is, as one ratchets > up the minimum skill level required then security goes up but utility > (by definition) goes down. > > anyway this isn't history (sadly). except the long history of failure in gaining adoption for strong security technologies over the open Internet, for a sufficient range of features. d/ -- -- Dave Crocker Brandenburg InternetWorking bbiw.net
RSS Feed