Comment by belorn
7 years ago
Telling people to treat email as insecure and thus not use it for anything serious is terrible bad advice.
I am reminded of BGP (Border Gateway Protocol). Anyone who has even glanced at the RFC of BGP could write an essay of the horrible mess of compatibility, extensions, non-standard design of BGP. It also lack any security consideration. The problem is that it is the core infrastructure of the Internet.
Defining something as insecure with the implied statement that we should treat it as insecure is unhelpful advice in regard to critical infrastructure. People are going to use it, continue to use it for the unforeseeable future, and continue to treat it as secure. Imperfect security tools will be applied on top, imperfectly, but it will see continued used as long as it is the best tools we have in the circumstances. Email and BGP and a lot of other core infrastructure that is hopelessly insecure will continue to be used with the assumption that they can be made to be secure, until an actually replacement is made and people start to transition over (like how ipv6 is replacing ipv4 and we are going to deprecate ipv4 if you take a very long term view of it).
People that use email to convey sensitive messages will be putting themselves and others at risk, whether or not they use PGP, for the indefinite future. That's a simple statement of fact. I understand that you don't like that fact --- nobody does! --- but it remains true no matter how angry it makes you.
I would say that people that use any critical infrastructure not designed with security in mind is putting themselves and others at risk if they convey sensitive information. This is why plain text protocols should be considered insecure.
It would be great if we could replace the whole Internet with modern technology rather than relying on ancient systems like BGP and email.
> It would be great if we could replace the whole Internet with modern technology rather than relying on ancient systems like BGP and email
I've occasionally though of starting a long term project that could eventually do that assuming that politicians screw up things the way it looks like they going to do over the next few decades.
The idea is that a group of interested people would develop these new system with no requirement whatsoever to have backward compatibility or interoperability with the current systems.
Of course these new systems would not get widespread adoption. They'd probably only be used by the developers and a few others who are willing to essentially have two completely different systems in parallel: the new stuff for communications among themselves and the current stuff for everything else. That's fine. It means no pressure to compromise to get something out faster.
Lack of adoption is not a problem. That's where politicians come in. What we are counting on is that those idiots are going to manage to cause or fail to prevent some apocalyptic event(s) that will sufficiently destroy the current systems that when the survivors get around to rebuilding the Internet and communication infrastructure they are starting from a clean slate.
How do you write this after writing that previous comment, which says that what I just wrote is "terrible bad advice"?
4 replies →