, 2006-05-30
Kelly Martin takes a step back from e-mail's unstoppable phishing-virus-spam epidemic and imagines a world where secure e-mail could be the next big killer app.
Expand all |
Post comment
Rubbish! What are the probIem ISSUES ????
2006-05-31
Dom De Vitto (1 replies)
Dom De Vitto (1 replies)
Re: Rubbish! What are the probIem ISSUES ????
2006-06-01
Jeff H (1 replies)
Jeff H (1 replies)
Re: Re: Rubbish! What are the probIem ISSUES ????
2006-06-01
Anonymous (1 replies)
Anonymous (1 replies)
Re: Re: Re: Rubbish! What are the probIem ISSUES ????
2006-06-06
Jeff H (1 replies)
Jeff H (1 replies)
Um, I Have Your Solution
2006-06-01
Reynolds Kosloskey (3 replies)
Reynolds Kosloskey (3 replies)
The first is that we shouldn't talk about abandoning e-mail. That's nonsense. E-mail is just a way of delivering messages from one client to another via one or more intermediate servers that store messages (for a while, at least) until the receiving client fetches them. SMTP is one protocol used for message delivery in this manner, XMPP is another (the jabber instant messaging protocol). If you were to send electronic letters via XMPP, and if your client looks much like a regular e-mail client, would the message not still be e-mail?
A better wording would be that the SMTP protocol should be supreseded by another protocol that takes today's security issues into account. I'd wholeheartedly agree with that. But abandon e-mail as such? Nope, I want to keep it.
Which leads me to the second gripe, that abandoning e-mail is just the wrong solution for the "phishing-virus-spam"-problem. As other people have pointed out, methods such as PGP work fine for protecting you, if your client simply refused to accept messages not signed by trusted entities.
The problem here is two-fold: managing trusted entities is cumbersome, and people don't understand why they should take on that burden.
So the solution must be to make managing trust in that way a lot simpler, and to educate the user.
Everything else is bound to fail.
As a sidenote, a new protocol should probably be designed in such a way that invalid/rejected messages can be rejected before the message has been passed around a whole lot. In other words, it should probably stay on the first server contacted by the sender's client until the receiver's client has signalled that it will accept the message. Running my own mailserver, I can tell you that most of my available bandwidth would be saved for useful traffic that way.
Now who will pay me to design and implement such an alternative mail system?
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/404/33677#33677