Nelson Bolyard wrote: > a) My own extended family. Years ago, I helped each and every one of > them setup the email clients in their Netscape Communicators to work > with their ISPs' email accounts. I did this when they transitioned from > Netscape to Mozilla too. Today, besides me, only two of them still use > their own MUAs. The rest have switched to web mail. > > b) Kids in schools. I was once very active in getting computer and LANs > into schools in California. Computers in schools are nearly ubiquitous > now. Since all those computers are shared, kids can't and don't run > MUAs on them. By the time the kids get out of school, they are > thoroughly trained (as it were) to use webmail. > I guess that at different parts of the world and different environments web mail doesn't have the same impact. >> Webmail is almost as old as the Internet itself. >> > > Webmail is almost as old as the Web itself, which is much less old than > the Internet or Internet email. Well yes, that's what I meant really...thanks for correcting me on this... > Consequently, access to MUAs that can even > READ signed emails is way down. > They can read signed mail, the encryption and decryption is the problem...but getting back to your kids which use web mail in school: You see, this is just fine for kids and whatever they have to share with others but I'm sure that you won't roll an exchange about your finances over web mail...or other sensitive documents and information. >> And why does encrypted mail not work with webmail? Maybe there is no >> business case? It could work technically. >> > > There are numerous reasons. Here are some: > > a) Web mail gets its money from advertising. This is what I just said above with "there is no business case"...therefore we agree on this. > ISPs KNOW that > signed email has the power to reduce spam, if widely used. (That's why > I suspect that this new scheme must pay them to process signed emails. > Something must offset the lost revenues or it won't interest webmail > providers.) > To all of my knowledge Google offers paid services for mail. Encryption should be part of such a package... > b) Encryption, signing, and signature verification still consume lots of > CPU. Increased CPU cost per message means increased operational cost > per message for the webmail provider, directly reducing the bottom line > (another cost to offset). > Is this really still a hurdle? There are decent hardware accelerators available.... > c) If webmail users are to be able to sign or decrypt mail using the > webmail service itself, their keys must be stored by the webmail > provider. Oh, I could provide a solution where this wouldn't be the case! Would you be interested to hear about it? I'm certain that also Google has that knowledge and it's rather a strategic decision than a technical one... > > Let me put it another way. Remember that I helped all the computer > users in my extended family to setup and use Netscape/Mozilla email > clients. I did that so they could all have access to secure email > (something that people of my parent's generation seemed to value more > than anyone younger). Today, now that they've nearly all switched to > webmail, I CANNOT send them a signed or encrypted email, and they cannot > send any of those to me. (If I send them a signed email, the signature > is lost, and useless to them.) The value of "secure email" is largely > lost to me, even though my MUA supports it fully. > Yes, I understand that! > I'm inclined to back any system that re-enables my kin to use secured > email while they remain devout webmail users. It must enable secure > email between MUA users and webmail users alike. Mail security has to > work for both MUA users and webmail users or it will fail. > Can you provide some financial backing? I'm serious...
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
