Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!bu.edu!olivea!decwrl!limbo!taylor
From: db@helium.East.Sun.COM (David Brownell)
Newsgroups: comp.society
Subject: Re: Mail security
Message-ID: <1635@limbo.Intuitive.Com>
Date: 17 Jan 91 01:19:48 GMT
Sender: taylor@limbo.Intuitive.Com
Organization: Sun Microsystems, Billerica MA
Lines: 43
Approved: taylor@Limbo.Intuitive.Com

In article <1618@limbo.Intuitive.Com>
	bradley@cs.utexas.edu (Bradley L. Richards) writes:

> A question which has been bothering me lately:  with readily available
> public-key algorithms, why hasn't the idea of secure mail caught on?

At the risk of being oversimplistic, there are two issues here:

    *	Implementing an encrypted mail user agent (which on most
	UN*X machines would be MH or /usr/ucb/Mail or somesuch);

    *	Running networks using such user agents.

Perhaps the encryption could be done by a transfer agent in an
OSI-style architecture, but I think it's fair to assume the current
(crufty, limited) /usr/spool/mail architecture for illustration.

 
> It seems a simple matter to implement public key encryption, using a
> standard algorithm (e.g., RSA), so that one could send a secure
> message merely by providing both the recipient's mail address and
> their public encryption key.

Agreed, the first of those issues is not "hard":  the technology is
well understood, it's "been done before" (repeatedly, unless I miss
my guess).  However, the second issue seriously dwarfs the first.

Believe it or not, most sites don't want to pay the price for security.
It's something else to manage, something else which will break and hence
needs troubleshooting (by rather sophisticated staff), and (to most sites)
offers no direct benefits -- it's pure overhead.

Moreover, look at the issue of getting such a mail system going.  It's
equivalent to starting an entire new mail network, replacing the one
you're using now ... the I14Y (interoperability) issues are exactly
that complex, since each mail reader and sender would need to know how
to encrypt and decrypt the messages.  (Assuming there's only one way
that a message will be encoded ... which seems pretty unreasonable.)

Also, one hint about how useful such mail is:  who uses the current
secret mail system xsend/xget?

Dave Brownell