I’m intriqued, please explain how this works without any exchange of keys. If it’s that easy why isn’t it more widespread?
Domino does a key exchange. Does a lookup on its list of users (domino uses a directory, called names.nsf) for the users it’s addressed to, finds their public keys, encrypts the mail, then sends. It only works for domino users - if you send an email to a mix of non-Domino users and domino users it advises you that the email to the external users is not going to be encrypted.
Basically, it’s a cut down version of the PKI system I described above. If it used an open format then it could share keys with other systems via publicly searchable key servers. You can change it to work with them, but as of the last version of Domino I used much (version 6) it was a right pig to get working.
MS is the only company in the position where you have to have their product (Windows.) That the product itself isn’t an email program isn’t relevant, it still gives them the position of the 800 pound gorilla for pretty much any software.
This is exactly how they killed Netscape, even up to the point of making stuff become incompatible with official systems. One Windows update which causes all versions of Outlook to gain a new email protocol that is the default output and voila, three months later and people will be able to disactivate input from anything using the old protocol.
Nope, not even close. Look at how few mail servers run Windows. Relatively few computers not on home desktops run any Microsoft software at all.
You know, if the people wanted it, they could have it on their own, with no big deal.
Ten or so geeks invent Really Lousy Encryption.
It encrypts text, with a twenty letter encryption key. It has no other features, but operates with a cut and paste from any old email program and outputs to a screen only format, which must be cut and pasted to save. You and your friends agree to your key on the phone, or in snail mail.
Everyone gets a copy free, but can send the ten geeks a dime, if they want. Those of you with really big deal aspirations toward blackness set up a one time pad with an automatic new pad every x letters. Anyone who wants buys a copy of the ten geeks Really Fuckin’ Great Encryption program, and use full sentences as your keys.
Now, if anyone with even minor league chops wants to hack your email, they can, in just a few minutes with gee whiz computer or even a few hours with a normal desktop, and some good software.
But if 60 percent of all text based email gets encrypted, and some is not done with RLE, but rather is done with RFGE, no one can tell which is which, and not even the Three Letter Acronym guys can hack a hundred million encrypted messages a day. So, you have increased the total noise to signal ratio of the internet by a factor of millions, and it just can’t be managed by folks that want a peek, legally or illegally.
By the way, the illegal hacker base is profit driven, and adding this sort of overhead to their lives will make them look for a better scam than hacking email.
Tris
Free encryption real encryption software that the 3 letter guys cannot break exists and has been free for years and years. PGP works with outlook, eudora, thunderbird etc. GPG works with PGP and is available for most email on unix/linux systems.
email is insecure these days because nobody really gives a shit about email security.
Indeed. If 99% of users are using a mail client that supports a protocol that is spam-resistant and can mail one another via that, and have the option to turn off support of the old protocol, you can bet they’ll turn off support for the old protocol as soon as they can. Once that happens, if you want to mail your clients or whoever, you’re going to have to start moving your mail servers over to the new protocol.