[Enigmail] Drama!

Robert J. Hansen rjh at sixdemonbag.org
Fri Feb 15 17:18:46 PST 2008 

Michael Kane wrote:
> That said, I still agree that encryption could be made easy for the
> layman.  Correct me if I'm wrong, but isn't that exactly what Skype does?

Skype is a proprietary product which is not open for peer review.  If it 
were open sourced, it still would not be a reasonable comparison.  The 
only client Skype has to interact with is... well... Skype.  There is no 
standard Skype protocol.  There is only one vendor.  It operates on only 
a couple of platforms.

OpenPGP is none of that.  It's an IETF draft standard provided by many 
different vendors running on everything from mainframes to cell phones 
and toaster ovens and coffeemakers.  (No, I am not kidding about the 
last two.)  As you can imagine, this leads to some implementation 
headaches that Skype gets to completely dodge.

The other major difference is architectural.  The SMTP mail standard 
(RFCs 822, 2822, among others) predate the idea of worrying about 
confidentiality, integrity and availability.  S/MIME and OpenPGP are 
bolted-on software packages meant to rectify this oversight.  This means 
that architecturally email crypto will always be Frankenstein's Monster. 
  The only real question is how monstrous it will be.

Skype incorporated the CIA triad (confidentiality, integrity and 
availability) from the very get-go.  This means that Skype is 
potentially a much, much cleaner design than the RFC2822 + RFC4880 + MUA 
+ MTA + OpenPGP Provider + MTA Plugin architectures out there.

> I had been dreaming of an open source software package that:
> 
> * installs GnuPG
> * installs Thunderbird
> * installs Enigmail
> * imports the user's address books (either locally or from webmail)
> * walks them through setting up keys
> * publishes the keys to a server, and optionally their address books

Ubuntu already does the first three very easily.  Thunderbird does the 
fourth, the Enigmail key wizard does the fifth and sixth.  This is a 
solved problem.

> That's not so far-fetched to me.  Is there a reason it should be?

Yes.  Installation is the easy part.  It's already been solved.  The 
remaining problems are both social and psychological.

Most people don't care about security.  Everyone talks about how much 
they value their privacy and then they post their most intimate details 
on Facebook.  Likewise, a lot of people will install Enigmail, discover 
that key management involves work and that their intuition is not a 
useful guide, and will give up on Enigmail and go back to Facebook.

There's a psychological deterrent to using Enigmail, too.  Your messages 
appear ... different.  Everyone else gets to use HTML mail and embed 
YouTube clips, but you're still using a monospaced font--and what's that 
junk at the end of your message, anyway?  Line noise?  Get with the 
times, man!

And then there's the stigma.  Imagine that I tell you there is, right 
now, a shotgun nearby.  You can probably come up with many reasonable 
explanations for why it's there.  Likewise, if I tell you that the 
blinds on my window are drawn, you can imagine a lot of good reasons for 
that, too.

But if someone tells you "Rob is a privacy nut, he's afraid the 
government is reading his email, he keeps a shotgun within arm's reach 
of his PC and his blinds are always drawn"... suddenly I become a threat 
to public safety.  The stigma behind being a privacy advocate is very 
real, and has come up time and time again when HCI people ask "why don't 
you use encryption?"

If you want Enigmail to be so simple and straightforward even your 
grandmother will use it, then I salute you for your intentions and wish 
you well with what's ahead.

The technical problems with widespread adoption of encryption are 
relatively easy to solve, when compared to the social problems.

More information about the Enigmail mailing list