Digg this story   Add to del.icio.us   (page 2 of 2 ) previous 
Abandon e-mail!
Kelly Martin, 2006-05-30

Story continued from Page 1


I'm a messaging junkie. Today's store-and-forward e-mail is fundamentally broken, but I still like the concept very much. Instant messaging is too instant, and peer-to-peer networking is, ironically, too anonymous. Video conferencing is fantastic – if it's someone you know, and they're online (and you've combed your hair). Written communication is never going away. We're tied into an antiquated e-mail system that needs to be abandoned and replaced.

I would love to see a secure e-mail system that did all the hard-crunching on the client and perhaps generated a unique private-public key for each piece of mail, without user interaction. However it is done, let's make it rather mathematically difficult to send e-mail, and even more difficult to send email to many recipients – while the process remains very simple to the end user. Make it a requirement that one mail sent to a thousand recipients securely would require a very fast client doing unique encoding, hashing, compression, and encryption on each piece of mail just to send it. I enjoy the thought of a spammer needing a giant Bewolf cluster ranked rather high up in the Top 500 list of supercomputers to send one piece of spam to ten million people. At that point, the source of spam and the spammer himself would be a little bit easier to track down.

Simply complex

Before you skip to the end of this column and submit your comment, telling me that I'm crazy or uninformed, understand that I realize the problem with e-mail is very complex. It would be nice if the solution "appeared" to be rather simple. I've spent the past 18 years with an email address of some sort, dating back to 1988, and I get more e-mail than most. But like most people, I'm just an end-user of e-mail and it's very clear that e-mail is a sinking ship. And millions of people were online in the 1980s before me.

Getting e-mail clients to work with a new infrastructure will be a major hurdle, and the plumbing itself will take some time. Getting major ISPs and Yahoo Mail, Gmail and Hotmail to adapt an open solution will be even harder. Fine. There are many technical hurdles. But time and again, truly innovative technology will catch on. With the rise of the web, HTTPS and SSL, Napster, SSH, BitTorrent, and so much more, superior technologies have created many new storms.

With all the security problems stemming from 1981's nuclear explosion of SMTP, it seems only fitting that the bright minds in the security community should develop the Internet's next killer app.

A gateway

Far too much effort is spent preserving today's name@somewhere.com format, to the exclusion of everything else. The @ symbol was a novel hack, so let's find a similar new one.

Maybe I'm dreaming, but a gateway from e-mail to a new secure e-mail infrastructure, electronic identity or e-num system might be the first place to start. Perhaps using one of the reserved symbols first outlined way back in RFC 821 or 822, whether it's a bangpath secure!name@somewhere.com, or secure?name@somewhere.com or name=secure@somewhere.com might work – but it would have to degrade nicely with current email systems. However it's done, a very simple, elegant solution would be a fantastic way to start.

I'm confident that there is no solution using today's massive e-mail infrastructure problems, because so many bright people have been working on it for such a long time. Maybe I am indeed dreaming that we can "abandon" today's e-mail SMTP much like the Usenet's NNTP was "abandoned" years ago for something better – because that "something better" for e-mail still doesn't even exist.


Kelly Martin has been working with networks and security since 1986, and he's editor for SecurityFocus, Symantec's online magazine.
    Digg this story   Add to del.icio.us   (page 2 of 2 ) previous 
Comments Mode:
Abandon e-mail! 2006-05-31
Anonymous (6 replies)
Re: Abandon e-mail! 2006-05-31
Anonymous
Re: Abandon e-mail! 2006-05-31
Stephan Sokolow
Re: Abandon e-mail! 2006-05-31
Paul
Re: Abandon e-mail! 2006-05-31
Anonymous
Re: Abandon e-mail! 2006-05-31
J
Re: Abandon e-mail! 2006-07-27
Anonymous
Rubbish! What are the probIem ISSUES ???? 2006-05-31
Dom De Vitto (1 replies)
Abandon e-mail! 2006-05-31
Kevin Black (1 replies)
Re: Abandon e-mail! 2006-06-01
PDC (1 replies)
Re: Re: Abandon e-mail! 2006-07-12
Anon
Babies and bathwater 2006-05-31
Anonymous
Abandon e-mail! 2006-06-01
Anonymous
Abandon e-mail! 2006-06-01
Anonymous (1 replies)
Re: Abandon e-mail! 2006-06-04
Anonymous
Abandon e-mail! 2006-06-01
Erik N
Abandon snail-mail! 2006-06-01
Phlash (1 replies)
Re: Abandon snail-mail! 2006-06-01
Anonymous (1 replies)
Abandon e-mail! 2006-06-01
Mercury/|Hermes
Um, I Have Your Solution 2006-06-01
Reynolds Kosloskey (3 replies)
Re: Um, I Have Your Solution 2006-06-01
kwesi (1 replies)
Web Based Email 2006-06-01
Reynolds Kosloskey
Re: Um, I Have Your Solution 2006-06-02
Mr. Mail
Abandon e-mail! 2006-06-01
Paul Kosinski (1 replies)
Re: Abandon e-mail! 2006-06-01
Paul Kosinski
Abandon e-mail! 2006-06-01
JeHicks
Abandon e-mail! 2006-06-02
Brush-Head
A bottin 2006-06-02
lucmars
Top 500 Supercomputer 2006-06-02
Anonymous
Abandon mail, too? 2006-06-02
Anonymous
Abandon e-mail! 2006-06-02
Anonymous (1 replies)
Re: Abandon e-mail! 2007-07-25
Anonymous
You're crazy and uninformed! 2006-06-02
Anonymous
Abandon e-mail! 2006-06-02
Anonymous
Abandon e-mail! 2006-06-05
ITDefpat
This is silly. 2006-06-06
Anonymous
The final solution 2006-06-12
Anonymous
Abandon e-mail! 2006-07-01
Richard


 

Privacy Statement
Copyright 2010, SecurityFocus