As if ... I was discussing with a friend this afternoon just some of the issues you raise. Along with this we were discussing the problems people have with the way the simple mail system has become distorted by html based mail and the problems people have with forwarding the new complex mail structures and the ever present "social engineering" threats posed by the newest scams and viruses circulated by email.

Yet ... (why does everyone talk about SMTP?) when actually POP3 (since more mail is read than sent)is the most popular protocol for free communication on the Internet why is it being questioned? Take a moment to look at the massive global infrastrusture that has been created to support POP3 mail. It is still the favorite and most easily understood way for you to send a picture of your child to your mother (that she can understand). It is still the easiest way for you to send a spreadsheet to your boss in your workplace that he/she can understand.

Imagine for a moment the enormously massive cost to replace the infrastructire to replace POP3. Who will pay for it? To mail a piece of paper, wrapped in another piece of paper that provided secure mail for a century we have always had to pay for it. Everyone has come to expect email to be free. To pay for a new email system that everyone will trust will not come about supported by advertising. It will need for someone to invent a service that is so easy to use, so compelling, so desirable, so utterly secure that the vast mass of users will fall over themselves to pay a -very- small charge to use it.

Only then will the inertia that runs the current massive free POP3 infrastructure be persuaded to move, however slowly, to a new way fo doing things. It will also need to be a way that will work globally (what's all this about social security numbers - an invention of one nation state on the north American continent).

Given our global ability to agree on IPv6 or who should manage the root servers of the Internet ... I can only begin to imagine how a new standard secure email is going to be decided. I suppose like many others I can hope that someone will just put forward something so amazingly good that we all just wonder "why didn't I think of that?"

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/404/33657#33657