"Mr. B" <firstname.lastname@example.org> wrote in
....snip interesting points...
I'm an old man and old men tell long-winded stories. And so…
Many, many years ago I was attending a lecture in higher
mathematics at McGill. The professor was developing a topic
and at one point said, "And so it obviously follows…" as he
then proceeded to write down a new equation on the blackboard.
One student interjected, "Sir, I don't see how that obviously
The professor silently stared at the blackboard for about 30
seconds and then abruptly turned on his heel and walked out of
Fifteen minutes later he returned (dutiful students that we
were, we hadn't bailed). He then said, "Of course it's
obvious!" and proceeded to fill two blackboards explaining
Your story of how easy it is for someone to set up a mime
cert. or get GPG going or do whatever other arcana are
necessary for encrypted email very much reminds me of
Professor Bach's "Of course it's obvious!"
No, it isn't easy or obvious. For one thing an ordinary user
hasn't the slightest clue that it is MIME or PGP or
Quicksilver he should be tinkering with and not something else
entirely, never mind the mechanics of doing so once he
establishes that that is what he should be doing. It's very
far from obvious or easy. He must become a security hobbyist,
investigate and research, question others, filter out the
nonsense and the misinformation, avoid dead ends and wild
goose chases, and on and on.
Is it doable? Of course it is - if he wants it badly enough
and is willing to put up with the pain in the ass of doing all
this. But for most folks the game isn't worth the candle.
They don't want to become "junior security experts," they
don't want a new time-consuming security hobby, they just want
to CONVENIENTLY send their email with modestly improved
privacy. Especially since it is far from obvious that, even
if they do all this security rigmarole, that the encrypted
email still won't fail for some overlooked reason and bounce,
get lost in the aether, be unreadable, or whatever.
And even once he does all this, he's still not finished.
Nope, he has to become a "security missionary" proselytizing
to convince all his friends and family to also do the same as
otherwise the whole exercise is pointless. What a PITA!
(Consider, for example, that people are willing to pay $25 to
port their existing telephone number rather than have to
contact all their friends with a new one. There's a coarse
metric for how simple encryption has to become to be broadly
Ordinary folks want modestly improved privacy - they are not,
in general, looking for military-grade security. They send
letters in envelopes rather than postcards because it's easy
and gives improved privacy - even though they are under no
illusions that a sealed letter cannot be opened and resealed
by a sufficiently motivated adversary (or rendered transparent
by Freon, or…).
If they had to make their own envelope glue by rendering cow's
hooves they'd stick with postcards, however. And despite the
protestations of security aficionados like you and me, the
ordinary user regards the current state of encrypting email to
be nearly that much bother. They want quick and easy - or
better still, invisible and transparent, with no need for any
They don't give a **** about MITM attacks (99.99% aren't aware
there is such a thing but they wouldn't care if they did
know). They aren't worried about serious adversaries, they
mostly just want modest privacy with minimum hassle. If the
hassle is too great it's just not worth it.
As for crap about needing a lot of additional security
precautions or you leave people "vulnerable" consider this:
right now they aren't using ANYTHING for privacy or security
and won't unless and until it becomes dirt easy. Any method
of improved email privacy, even though imperfect, would be a
(As for security on the PC itself, this is a chimera. NOTHING
even an expert can do can prevent security compromise if an
adversary has unfettered access to the machine - the ordinary
person is wise to be oblivious to this risk. For instance, if
you want to frighten the **** out of yourself take a look at
the CAs listed in your certificate store - and spend an
afternoon trying to purge the flaky ones out of, say,
No, the ordinary person doesn't need the "whole catastrophe"
you want to foist on him, he just wants modestly improved
email privacy resistant to casual snooping. CONVENIENTLY!
Remember: The perfect is the enemy of the good!