Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!decwrl!limbo!taylor
From: db@East.Sun.COM (David Brownell)
Newsgroups: comp.society
Subject: Re: Mail security
Message-ID: <1670@limbo.Intuitive.Com>
Date: 29 Jan 91 02:59:28 GMT
Sender: taylor@limbo.Intuitive.Com
Lines: 30
Approved: taylor@Limbo.Intuitive.Com

Curt Sampson asks a good question about a comment of mine:

>> .. look at the issue of getting such a mail system going.  It's
>> equivalent to starting an entire new mail network ...

> I don't see why you would have to start an entire new mail network.

  (Suggestion of RFC-822 'Encrypted:' header field deleted.)

I was actually implying that technique; the point being that all the leaf
nodes (readers and senders) need to get educated about the a variety of
message encodings.  The new network isn't message passing infrastructure,
it's a social one of agreements and conventions.  (That was a hard part
about getting the railroad, telephone, and RFC-822 networks going too!)

There are two practical problems here:  first is coming up with standard
ways of sending encoded messages; second is widely distributing programs
to understand those encoded messages.  There are lots of proposals for the
first, some exactly like Curt's suggestion; but it's the second part
that'll make it happen (or not).

The "multimedia mail" folk have similar, but simpler, problems.  Reading
a wordprocessing document you got in email requires knowing only decoding
rules.  Reading an encrypted message also requires, as Curt alluded, a key
distribution system to be in place.  For some people, a shared password
is fine; you can send such messages today if you've got the social support
in place so your recipient can apply the right key and algorithm.  Others
want a public key encryption system, which is more difficult.

Dave Brownell