[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Autocrypt support

From: Tim Cross
Subject: Re: Autocrypt support
Date: Mon, 28 Aug 2017 22:47:29 +1000

I agree. This spec looks very under developed yet and I'm not sure it actually addresses the key issue which prevents more universal adoption of end-to-end encrypted email. 

The problem is and remains one of key management and humans, which becomes even more difficult because it is trying to retro-fit encryption to a protocol  which has no support for it. 

The real challenge for specs like this is that they mean nothing unless a majority of mail clients support them. Getting them added is going to be extremely difficult - near impossible. It is more likely we will just see people move to different comms channels which are secure rather than trying to retro fit traditional email.  A bigger problem is that their spec for level 1 only deals with users using a single mail client. I'm not sure in this day of multiple devices this will be sufficient. The reason I moved to an imap based setup is that I regularly use 3+ different mail clients on 4+ different devices. I need to be able to access my email from all of these devices and this spec will fail to provide that.  Level 2 looks like where this functionality will be targeted. However, the problem is that level 1 may not get the uptake/momentum needed to get to level 2. 

Note that I'm not meaning to disparage the effort - it is a good/meaningful effort. However, I think it needs to mature a fair bit before any real implementation/support can be added to existing mail clients. It is likely efforts like this are what is needed to work out a better solution, but this spec so far seems to lack some meat. It needs to provide more detail on exactly what the key problems are which prevent automatic end-to-end encryption of email and how this spec will address those problems. 


On 28 August 2017 at 19:41, Robert Pluim <address@hidden> wrote:
Rajeev Narang <address@hidden> writes:

> Is anyone working on supporting Autocrypt in emacs.
>   https://autocrypt.org/en/latest/level1.html

I don't think so. I didn't see any rationale on that page for why we
need yet another way of transferring keys and specifying encryption
options in email headers, perhaps you could explain why Autocrypt
would be a good thing?





Tim Cross

reply via email to

[Prev in Thread] Current Thread [Next in Thread]