Ask Slashdot: Could E-Mail ever Replace Snail Mail? 91
dlc asks: "The recent USPS question got me thinking. One of the major things traditional mail has going for it that email doesn't is the fact that, for the most part, signing a letter (marking it as authentic) is easier to do, or, at least, the technology to do so is much more common, and is much more widely understood. Similarly, one of the obstacles standing in the way of universal acceptance of email as a legitimate means of reliable transmission is the fact that it is difficult to verify the sender of a message. Digital certificates and a world wide (or at least wide-spread) public key infrastructure would go a long way towards removing this obstacle. My question for the slashdot population is this: Under what circumstances do you see digital cirtificates, PKI, and encryption in general becoming part of normal email usage, to the point where people have as much confidence in the authenticity of email as they do in regular mail? "
Re:The answer is much simpler than you might think (Score:1)
I can probably send a nicer e-birthday-card. All I've gotta do is send a Email consisting of:
And have a neat HTMLized card at that address, or you could just send a image as an attachment (PNG or JPEG)
Re:Get _everybody_ a PGP key pair and signature (Score:1)
Re:Get _everybody_ a PGP key pair and signature (Score:1)
Now I'm sure you really didn't mean that, but you should be careful that you truly mean what you say!
Digitized emotion: custom code (Score:1)
I agree that physical tokens are even more endearing, though; it's like the difference between sending sheet-music for a song you wrote, and singing it yourself.
Re:The answer is much simpler than you might think (Score:1)
Besides, which would you rather receive? A meaty email or a one-liner greeting card? Personally, I value the former more.
Re:Why certs aren't working yet (Score:1)
In Australia, there has been much noise by government but little action regarding PKI's. Australia Post had a CA scheme going but decided to can it about 3 months back. Your only options now for an Australian CA (other than becoming one yourself, which has its own sociopolitical issues though the technology is there) are a couple of the big accounting/consulting firms, neither of whom seemed to have a clue about what they were trying to do last time I looked.
If you don't go with Verisign or Thawte, or a few other CA's, who appear as default trusted CA's in MS and Netscape products, you run the risk of scaring techno-illiterates away with those "untrusted authority" dialogs.
For a server cert, the Verisign signup procedure is not simple, quick or cheap. Particularly for a small company trying to, ahem, "leverage the level playing field of the Internet."
The US export laws cause problems for anyone trying to write automated secure email programs. for example, RSA's S/MIME toolkits are only available to US and Canadian citizens. And S/MIME is what MS mail software would have you use by default for mail encryption. (Yes I know you can get PGP plugins, I use them myself, but does Joe Average Clueless User?)
I have written programs to send encrypted email. But I used PGP, which does not use certificates. Finding something for S/MIME using certs was just too hard.
Oh, yeah. I can't see Dell delivering my next computer electronically any time soon.
Snail mail, PKI & Implied Trust (Score:1)
The USPS and Federal mail fraud regulations along with the length of time society has used snail mail have played a part in creating that implied level of trust. But the majority of that trust comes from the relationship between the sender and recipient. Handwriting or letter style of grammer play a part in building that relationship which is why you trust that the message you have received is really authentic. The relationship's trust is also based on the type of message being conveyed:
That same implied trust does not exist today with PKI-enabled email. We don't have many of those associations in email to imply the same level of trust. PKI has limitations in that the trust placed in the transportation of the email has nothing to do with the content of the message. It also has nothing to do with the relationship between the sender and recipient. It is purely a clinical way of ensuring either privacy between sender and recipient, or the sender signing the message for non-repudiation. All it ensures is that:
None of this has anything to do with the content of the message or the relationship between the sender and recipient. PKI trust is effectively sterile.
Now add onto that the reliability of your regular email provider, your ability to store your keys securely yet have them easily at hand to actually use, add the average IQ of those you trade email with on AOL, and you suddenly realize that none of this is ready for prime-time.
Several suggestions have been presented to create the infrastructure for PKI. A recent recommendation is to have the DMV issue Smart Card drivers licenses, and an initial certificate which you would use for an electronic signature. This is probably the quickest way to get certs to the unwashed masses, but opens a whole can of worms related to government intervention. Let's look forward to that time (hinted at in the Book of Revelations) when you can only buy and sell electronically using such a cert as your "unique signature ID". If the DMV can revoke your driving privelidges and cert for any reason, then you have no reason to imply any trust in such a system unless you truly believe it can never happen to you. Of course, if you're prone to paranoia....
Back here on planet earth, most certificates are issued for two years and then automatically expire. After it expires anything you have signed will be no longer be able to be validated by the CA. Legally this is still unknown territory. Can you still trust email that was signed, but the certificate of authority has expired? Or is your trust now based upon the implied trust (context and the relationship) that was established when the cert was valid?
The conclusion that seems to gathering consensus is the Smart Card route. Whether you would trust VISA/Mastercard more than the DMV to issue you your card, and whether you can add your own certs to your Smart Card remain to be hashed out. Either way the trust relationship we know from snail mail will be different in PKI.
We can trust who sent and received the message. We can trust the integrity of the message. But we are still no closer to being able to trust the contents of the message any more than snail mail.
Re:It'll be a long time... (Score:1)
> info. But, dammit, I want a check. None of this
> credit-card-direct-deposit-get-all-your-cash-from
Why would you want to send or get checks? Speaking as someone from a society (Finland) where checks have been outdated for close to 10 years now, I think they are old technology. Bank account transactions are the way to go. I can send money to people via a nice web interface to my bank account, at any time of day or night I might want.
So really, why would anyone need checks in mail? Just let the other person know your account number, and they will do the transaction, and if you have accounts in the same bank then you can see the money on your own account in minutes via the web interface.
Hmm, my first ever
E-mail? Think about those wild men in jungle! (Score:1)
Second, with snail mail we've got real guarantee that your letter is delivered. That's because with buying postage stamp, placing it on the envelope and then putting the whole package into a postbox you kinda sign contract with that post service, which you can in turn, sue for not delivering the mail (if you happen to know it of course) On the other hand, sending email doesn't sign such a contract. If you complain to your ISP that your e-mail hasn't been delivired, he can just say there are some hackers or servers down or lightning stroke Microsoft office (not that 97, of course) or whatever.
And last but not least, you just can't send your friend a real souvenir which any postcard is.
Re:But a combination could use the strengths of bo (Score:1)
Why certs aren't working yet (Score:3)
Re:Get _everybody_ a PGP key pair and signature (Score:1)
he means have a government body sign keys. (go research PGP if you aren't familar with signing keys, its in a nutshell putting your key's reputation on the line verifying that the other key belongs to who they claim to be.)
That makes more sense..
Re:Get _everybody_ a PGP key pair and signature (Score:1)
I meant, have the government keep a list of every individual's public key, and verify this by requiring you to turn up at a registry office with birth certificate, passport or whatever.
Having the government sign people's public keys, as somebody suggested below, is a good way of doing things. Of course, you can get them signed by companies as well if you don't trust the government. But I would expect that any company operating within the law is no more trustworthy than the government it operates under.
it's already happening.... slowly (Score:1)
I guess my general answer is that it's happening already, and encryption is not an obstacle. Encryption is more secure than any snail mail you can send, and easier than your average certified mail.
Missed issue. (Score:1)
---
Openstep/NeXTSTEP/Solaris/FreeBSD/Linux/ultrix/OS
Yeah! (Score:1)
I have several collections of letters written by many authors. One of them is (natch) Hunter Thompson. He was carbon-copying his letters from the time he was a teen. What a fascinating read! Now how many people keep their email like that?
Taking the time to go thru letters and cards is fun and reminds us that we're human, rather than hi-lighting and hitting delete delete delete
OTOH, I'd take spam over regular junk mail any day. I'm sick of those crappy two-bit pizza places that have to advertise in green in pink!
Authentication (Score:1)
I'm out several hundred dollars because someone cashed my IRS refund check three months after I reported it missing. In the three or so years following the initial loss, the only response from the IRS to them having me fill out the same form over and over again ("no, I did not benefit from the cashing of this check." etc) was them sending me a photocopy of the cashed check.
On the back of the photocopied check was my name, signed in a hand that in no way resembled mine.
I'm hard pressed to imagine that written signatures mean a d*mn thing. The bank that cashed this check certainly didn't perform authentication of my identity. So I while the "technology to do so is much more common", it certainly is not "much more widely understood".
Re:It'll be a long time... (Score:1)
Idoit. What if I don't want *WANT* to let the other person know my account number? Forget paying bills by email or any other of the crap people like you seem to be fond of, it's stupid and you have no real control over it. I'ld rather buy a money order from the post office for the exact amount *I* want to *PAY* on a bill rather than go through that "electronic banking" bullshit that's basically a consumer rip-off.
E-mail... (Score:1)
The Bulk of Snail Mail (Score:1)
As Online banking takes it's hold (as it has already begun doing) Intuit [intuit.com] is responding with software like Quicken, Quickbooks, and Turbo Tax. (Along with a small Redmond Ba$ed Company [microsoft.com]). And it has become a goal of these companies to absorb the bulk of this large portion of postal mail usage. (And with the resources that that are inplace, online checking is on the verge of dawning on the electronic finance field.)
My timetable for a purely electronic mail system is quite short (at least for my position) - since bills are the only thing that I use postage stamps for.
*Carlos: Exit Stage Right*
"Geeks, Where would you be without them?"
Re:It'll be a long time... (Score:1)
Why not? It's like saying "why would I want to give out my email address to people? I don't want them to know my address." You can do it, but it will inconvenience you. And it's not like they can do anything with the number except send money to it, AFAIK. Maybe your account is different though.
> Forget paying bills by email or any other of the crap people like you seem to be fond of, it's
> stupid and you have no real control over it.
I've never paid bills by email, and I don't think there's any technique like that available for me. As for the rest, I can view my account information, current balance, and complete whatever transactions I wish. It's exactly the same things you can do otherwise too, only the "interface" is different. I don't see how I don't have real control. I actually feel I have more control over my account since I can check it much more easily than I normally could.
> I'ld rather buy a money order from the post office for the exact amount *I* want to *PAY* on
> a bill rather than go through that "electronic banking" bullshit that's basically a consumer
> rip-off.
Well, for me, when I pay a bill via the web form I enter the recipient (account number & name), the sum, the date and the code number (not sure how to translate that term) for the bill, if any. I have complete control over the sum and time of payment, I can choose any amount I want too.
As for rip-off, I think that banks shouldn't charge for this kind of service but they do, so that part is true. Mind you, they charge for every other kind of service so it's no more a rip-off than the other "services" they provide. It's also true that this form of customer service reduces the costs for the bank, but I don't care about that since I feel it also provides me with better and more convenient method to take care of my account and transactions.
confidence (Score:1)
Only when crypto is free, reliable,and easy to use (Score:1)
Andrew G. Feinberg
Re:Hmm... (Score:1)
The same could be said of snail mail, no?
-witz
The 'popular' mailers need to support it (Score:1)
One thing I've learn is that it won't happen until most people already have the tools to make it easy. I use a mailer that integrates with PGP (SeriousVoodoo); you just check off if you want the mail signed and/or encrypted. But when I send PGP'ed mail to a friend, if they have to tell elm to save it to a file, and then they manually run PGP on it, it is too much of a pain in the ass. So they tell me, (paraphrasing) "Quit encrypting your emails unless it's something important." (*groan* I don't want to just encrypt the "important" stuff! I wanna overwhelm the snoopers. Let 'em spend a few years decrypting my "Let's go to the movies on Saturday" message.)
The tools have to get out there first, before people will start using it a lot. Old mailers need to be updated or replaced.
---
Have a Sloppy day!
Re: (Score:2)
Reliability (Score:1)
Outlook Express integration of Hotmail is one of the major things keeping me with Win95 and IE5 (don't laugh, it's useful!) Now that feature hasn't worked for several days. I guess that's what "limited Beta" means. Another straw on the camel's back. Time to shop for a hardwareModem... and a distro again...hehe
I'll still use postal mail for small packages, special letters, and bills that i dont trust to electronica.
** Oh, anyone else think the "Submit" button oughta be removed so previewing is mandatory and we won't have the "oops, blank/incomplete post" phenomenon? *cough*
Hmm... (Score:2)
As regards to authentication and encryption, this is a bigger issue. The general answer, I would say, would be: the general population will use authentication and encryption when it will be build into all mail tools, switched on by default, and work transparently. I am rather pessimistic about more than 1% of computer users doing something proactive to use encrypted email. And from personal experience I know that trying to communicate by encrypted email with people who don't understand either encryption or the need for it is a pain in the ass.
Authentication (i.e. digital signatures) is a complicated topic with the key problem of correlating a digital signature with a real-world or an online identity. There are two major approaches -- one uses centralized certificate authorities that vouch for the key-identity correspondence, and another (PGP) uses what it calls a web of trust. Both have significant problems and are not in widespread use.
I guess my answer is 'don't hold your breath'. Security is complicated by nature and people are generally unwilling to spend the time and effort to work it out and set it up. Another answer, which the
Kaa
Interesting Question (Score:1)
Another problem is the lack of personality of a regular email, the lack of humanity. There is only so much personalization that you can do with an email. You have the regular emoticons, and strange fonts; but they just aren't the same as big loopy handwriting, with smily faces dotting the "i's".
Until there is some way to do something like this, I believe that the USPS will still be in business for a good deal longer. What really needs to be done, is to have some "datapad" type deal, that allows you to access your email easily, let's you write in your own handwriting (maybe translating it if it is atrocious like mine). Think of a Palm VII with a nasty crack habit.
Well, umm, I am just tossing ideas out, so this is the end
--This was not spellczeched. So leve me bee...
technique is already there (Score:1)
One major obstacle has been the US position on encryption keys for the past few years. As long as that has not been resolved, it will be hard to get useful standards.
So yes I think email will replace snailmail in the long term. There is no technical issues here and I think laws and standards will show up eventually.
Since I'm not a legal expert nor an encryptionb expert perhaps somebody else can point out if there are any major flaws in my reasoning.
ebay alone is going to support the post office (Score:1)
CY
Get _everybody_ a PGP key pair and signature (Score:1)
Issue every citizen with a PGP public key pair. The problem with current PGP keys is that you have no way of knowing that the 'real' person got the keys in the first place. Your lovingly encrypted / signed communications may be going to an interloper. What's needed is an agency that will require physical authentication, as well as a passport and maybe other ID, before issuing a key, and then provide an easy way to look up the public key of each individual.
I know that there's not a snowball's chance in hell of this happening in countries like France, the US or Britain, but governments of more enlightened countries, who don't want the NSA tapping their citizens' messages, might go in for such a plan.
And before you all complain, I know that you can't trust the government in matters like these. However, I think this would provide a little more security than just looking at a public key server. You could of course do both.
Digitisation works for information but not emotion (Score:2)
On one level, mail as a way of passing information from a to b. Here e-mail could well win, ultimately, in terms of security, speed, and convenience. It works! You can send and receive text and graphics.
But on another level, you cannot hold an e-mail in your hand. You can't have somebody elses creation, as they had it, on your mantelpiece.
Sure, you can print it out. But you can't lift that printout up to your nose to smell your girlfriend's perfume. You can't receive an e-mail you can run your hands over because somebody has chosen special paper for you. You can't receive an e-mail that's been handpainted. Perhaps you can digitize it. But then its just not the same object.
While we're receiving information, the value of snail mail will become less, with electronic mail becoming more commonplace. While we're receiving emotion, the value of snail mail will grow, as simply something more special.
Comments? Anybody disagree?
Re:confidence (Score:1)
Deja vu...duplicate story.... (Score:1)
http://slashdot.org/askslashdot/99/07/22/013925
Granted it's not the identical question, but pretty much the same concept....
Re: (Score:2)
It'll be a long time... (Score:1)
1. It can't happen until pretty much everyone has email. EVERYONE. Worldwide. What percentage of people in Africe today have email? Hell, what percentage of people in the US have email today?
2. There are still a lot of things you can't do through email. You can't send birthday cards to your friends. Your SO can't send you a letter with lipstick marks in the shape of a mouth puckered up for a kiss on the flap of the envelope (or you can't do so, if you're the one in the relationship inclided to do so). You can't send checks. (You can send credit card info. But, dammit, I want a check. None of this credit-card-direct-deposit-get-all-your-cash-from
3. Lack of a physical address. Just because my email is @something.demon.co.uk doesn't mean I'm actually in the UK. I could be in Germany. Or Canada. Or New Zealand. Or Antartica (I'll grant that it's unlikely, but...). Companies, for some reason, frequently want to know where you are. Some will only ship to the billing address on your credit card. Those companies might not like the idea of sending something to an @{ISP name}.nz address if the billing address is Boston, Mass.
So: email will not snail mail because of it's not universal, it's can't carry all the things that snail mail can, and, in some cases, disparities between physical and email addresses.
Just my 1/50 of a dollar.
-Ender
Re:it's already happening.... slowly (Score:1)
Is it just me? or did CNBC borrow this one.. (Score:1)
trusted email, eh? (Score:1)
E-mail = combination of telephone and USPS (Score:2)
Well, for me, anyhow. It can't replace either one entirely.
Since my parents and most of my friends from college now have an e-mail address, I send e-mail when I need to get something responded to reasonably quickly but not THIS SECOND.
There are certain situations that I don't think call for e-mail or for telephone calls -- good old-fashioned snail mail is the only polite option. Wedding invitations and sympathy cards come immediately to mind.
Likewise, if there is an emergency and next of kin need to be notified, you better believe I'm using the telephone, at least as a first attempt. If that proves ineffective, THEN I might send an e-mail saying "please call" or something similar.
E-mail is the best option if you need to send out the same news to a lot of people that live in a wide geographic area. Individual phone calls are time-consuming and expensive, and for some reason form snail mail is much more irritating than multiple "TO" e-mail. That could just be a personal quirk, though.
For average, ordinary, mundane communication with friends and family, I tend to use e-mail because it's convenient and cheap and I don't have to remember where I put my stamps.
And don't forget, the computer was supposed to bring us the "paperless office." Yeah right, like THAT will ever happen.
Re:Reliability (Score:1)
Not for awhile (Score:1)
If there is one company that is losing out on my email, its the phone company, not the USPS.
USPS will always be around...I have yet to be invited to a wedding through email.
Snail mail.. (Score:1)
On the other hand.. I think package delivery will increase. If the U.S. Gov't really wants to start making profits they should stop worrying about taxing email or increasing the cost of stamps and instead lower the rate to ship packages, make packages better insured to reach their destination quickly, and make a free interface that e-stores can use to figure up shipping costs, schedule package deliveries, etc. Not only could this keep the Postal Service in business it could also help pay for the Internet infrastructure w/out adding any new taxes.
Certificates / Keys should be free! (Score:1)
will e-mail replace snail-mail? (Score:1)
Seems unlikely (Score:1)
This questioner sounds very U.S.-centric. You've got to think in a wider view.
...phil
It's all about trust and context. So: 'Sometimes.' (Score:2)
In discussing the concept of "trust" / "authenticity," etc. context changes everything, and when people talk about trusting email vs. trusting snail mail, I think there's sometimes the impression that people ever (or often, say) rely on either of these methods in complete isolation.
In my job, I sometimes request and receive publication permissions for logos and quotes via email; it's usually the most reliable way to reach people in my industry (I work in advertising for personal computers that rhyme with "Smell").
Now, since the email originates with me for the most part, and there is usually some level of phone contact, the occasional fax, etc, I have no real problem with presenting the resulting replies as permission to our client, though usually we also get paper copies in the mail as well.
If someone with the email address "EdMcMahon@whitehouse.gov" wrote email to say that I'd won a million dollars and simply needed to mail him $10 to cover the shipping on the winnings, I would be
Point is, spoofing someone into thinking that *any* communication (phone, fax, email, snail mail, smoke signals, whatever) is legitimate when it is not requires that it be innocuous seeming and have enough clues indicating authenticity that they would never question its legitimacy. It's not just putting on a Halloween mask and saying "I'm Papa Smurf!" -- you actually have to at least make the other person think that you are only 3 apples tall, blue, etc.
And another thing to point out is that people seem to have a lower threshold of trust for paper mail (because everyone knows you can't trust that dang in-ter-net), so perhaps it's easier to actually fool someone with it. In fact, that's my opinion, at least in business contexts.
Just thoughts,
timothy
CA and digital signatures (Score:1)
RE: E-Mail replacing US Snail (Score:1)
...and trusted by the general public (Score:1)
Some day, I hope, every junior-high-school student will learn the basic cryptographic concepts behind PGP and its kin. Then, most people will know enough about cryptography to evaluate products that use published cryptographic protocols and shun products that don't. (I can dream, can't I?) Until then, most people will continue to trust ink on paper more than anything else, and the field of commercial cryptography will be littered with buggy software, snake oil, and Trojan horses.
Re:Hmm... (Score:2)
The same could be said of snail mail, no?
Thats what the man said!. No offense but,
*slaps you with a large trout*
Re:The 'popular' mailers need to support it (Score:1)
Re:Get _everybody_ a PGP key pair and signature (Score:1)
Shipping packages will only increase. (Score:3)
Snail mail is typically a delivery of INFORMATION, which can now be better done in other ways. With packages, you are sending a THING, and until some star-trekkish system goes into widespread use, more and more packages will be shipped through FedEx, UPS, etc.
I used to almost never have things shipped to me - I'd go buy them. But since I can now easily do price comparison shopping and find good deals online, I have ordered things shipped to me every week or so.
So THAT service is definately on the increase.
Not with cryptography (Score:2)
You can be sure email was delivered and unread if you encrypt it, digitally sign it, and send it, and then get back an encrypted, digitally signed confirmation from the reciever that they got it.
This level of security and authentication could never be claimed by snail mail.
Re:No they don't (Score:1)
Perhaps not, but I didn't say anything about 'regular'. The paper mail mechanism is there, for them to use if they have the need. If you convert to all e-mail then you have to give them at least the same access to computers, reliable networks, and reliable electricty. Good luck.
Most of these probably don't have birth certificates or pay income taxes either.
Yet another U.S.-centric view. Is having a birth certificate a world-wide requirement?
...phil
Getting Signatures to work (i.e. good PKI) (Score:1)
(1) The average user doesn't know what signatures or certificates are, or what they do (i.e. they're too obscure), so why do they care?
(2) Too complex and too much of a hassle (why pay Verisign or someone else for something that you'll probably never be able to use anyway). Most security UIs are overly complex, and no average user will want to deal with it. It is also difficult to manage certs. What if Alice wants to send an encrypted email to Bob, but she doesn't have Bob's cert? Without a lot of common LDAP servers and other such things getting people's certs will be a hassle, and so nobody but us geeks will bother.
(3) For those people who care enough to figure out the complexity, and deal with the hassles, there is still an issue of trust. How do I know that IE5's implementation of S/MIME is secure? They could be storing things on my system insecurely, or perhaps Netscape (even though it is open source, the security areas of the code are not) has a bad security implementation. Granted that I trust that once things hit the network, that they are secure because I trust the S/MIME and the involved algorithms, but on my own system I'm not so sure. If I was to be really paranoid about security, I would still use PGP (or my own custon S/MIME implementation) so that I knew that what was going on was secure. For the average user who can't (or won't) use PGP or their own software, trust is a major issue, and perhaps a roadblock.
So all of that being said, what can be done to fix it? There are three things (again, three, hmmmm...) that I think could move things a very long way.
(1) This is the biggest. Since good certificate systems usually tie a certificate to an email address, and you get your email address from your ISP, I think that if when you got your ISP account a certificate/keypair were created automatically (without much in the way of user interference), then things would be much easier. Like with all certificate authorities today, the keypair and cert request would be generated on your machine, and then sent to your ISP. They in turn would create your certificate, and send it back. Just as secure as todays systems, but the advantage is that it would happen automatically when you first set up the ISP connection (maybe custom software from the ISP?). Imagine if ISPs acted as certificate authorities (or proxies for CAs) (listen up AOL). If that happened, most people with home internet accounts would have certificates. This is the most crucial thing: making sure that everybody has a certificate/keypair, and that there is no hassle for the user in getting this. If this service were part of the cost of the ISP connection, it would be no big deal. (Verisign charges something like $10 for their basic level 1 cert, and that works out to less then a dollar/month, so it wouldn't be too expensive for ISPs I wouldn't think, especially if they only acted as secondary CAs and didn't have to handle the physical security of a root cert)
(2)Biometric security devices standard as part of new computers. This isn't totally necessary, but it has the potential to make things a lot more secure in general. If I remember right, Compaq started shipping a thumbprint scanner with one of their lines sometime last year. If this became common (or if smartcards to store keypairs became common), security would mean a lot more.
(3) If a big name like the USPS, or Verisign got involved with being a central repository of certificates (using LDAP or whatever) and application developers made lookups to this database invisible to the user, it wouldn't matter if you already had a cert or not. Your application could simply fetch it from the repository if you didn't already have it. On a similar note, if a body was formed to certify products as secure, that would also help. If I knew that some trusted thrid party had verified the security of Netscape's, or Microsoft's, mail programs, I would feel a lot better about using them. I suspect other users would feel the same.
In the end, the answer is: security will be used when all the average John (or Jane) Doe has to do is click the Signing or Encryption button on their outgoing mail, and the rest is taken care of for them. If security is supremely easy to use, then everybody will use it (there will be no reason not to).
Not For When It Matters (Score:1)
Re: (Score:2)
Exactly. (Score:1)
in short, i agree completely. regular postal mail is definately more special. and that is why e-mail will never completely replace it.
not everyone has a computer, you know (Score:1)
OF SNAIL MAIL. Snail mail has distinct advantages, like the fact that all you need is a pen, paper, and a stamp. Until we live in a Star-Trek world where money is abolished, not everyone is going to
have instant access to a computer all the time.
Besides, why should you need something as complicated as a computer to write something as simple as a letter? I love email, but the option
of just writing should always be there. Technology is supposed to help us, but there's no advantage to becoming completely dependent on it (even though modern society IS dependent on it - I'm just saying that dependence is a by-product, not a goal).
Finally, I don't personally consider email to be very permanent. I've lost lots of mail when I've changed schools, just because I left it on some account somewhere. I only bothered to translate about half my mail from one email program to the other when I made my last big switch. It's not always trivial to read documents that were written several years ago, purely because programs change their file formats all the time, and not every translator is 100% effective. I'll never have to worry that my eyes won't be compatible with the letters on a printed page (unless I go blind, but that's a different story).
In short, I don't think printed mail will ever be obsolete.
Re:Get _everybody_ a PGP key pair and signature (Score:1)
Why does it have to be a government agency? Would you trust a pair of keys given to you by the government?
A private agency would have a reputation to worry about. Better yet, why not have a couple of private agencies who would provide this service for a fee? A couple of private agencies would not only give us a choice, but give each agency an incentive to be very careful about authentication, and making sure that when you walk out with your keys no one else has a record of them.
And before you all complain, I know that you can't trust the government in matters like these.
So let's not. Let's let the private sector do it. They can do it better, faster, more reliably, and cheaper than any government agency could.
Sounds like a good dotcom business. Is there a venture capitalist in the house? I only need twenty or thirty million.
Could it?: UH no... (Score:1)
JediLuke
Hmmm (Score:1)