richard@karmannghia.org writes:
...I would hope that all netizens are fully aware (and obviously not all are) that there is not and cannot be such a thing as "safe environment for email discussions" with email as now practiced and to create it requires a serious overhaul of the way email is conducted.
My original point was I feel perfectly safe here on Mailman lists (of course I am in a position to get people banned, so I am in fact safer than the average bear, though I would not mess with a Kodiak).
It doesn't have to be this way: email bodies and even the destination username and other parts of email headers COULD be encrypted when enroute via the same mechanisms as we have long used for secured web sites,
True, and in fact many sites implement the enroute part, it's called mandatory TLS. I would imagine the proposals to make traffic analysis more difficult would apply here too.
and even end-to-end encryption isn't too difficult to implement, and I'd lay a substantial bet that an open-sourced effort harnessing the ideas of DKIM / SPF / DMARC could easily and simply accomplish this.
I've thought a lot about this, it has been proposed multiple times as a GSoC project for Mailman, and this is simply not true for mailing lists as implemented in Mailman. In particular, it's simply not possible to achieve end-to-end encryption as a mailing list function. The list has to have access to the session key to give access to that key to subscribers, at which point you've been hacker-in-the-middle-d. I can imagine applications where you're willing to trust the list, though, and if there were demand for that, I'd be willing to supervise a GSoC student who wanted to implement it.
Note that it is certainly possible to have end-to-end encryption of list email, but it requires that each poster have all the subscriber keys. I guess you could marry a keyserver with a mailing list, and if you want to call that "end-to-end encryption via mailing list" go ahead, but you still have to solve the problem of getting posters to keep their keyrings up to date, so I consider that "not a mailing list function".
And of course you only asked for security of "data in motion", but then you've got the harder problem of securing data at rest (which also requires cooperation from either recipients or from their MUAs -- buwhahahahaha!)
However, the simple (and for me painful) truth is that The Powers That Be _obviously_ do not want us to have secure communications. Their excuse is fear ("terrorism!") and their more dominant motive is profit. It's truly as simple is that.
It's not that simple though. While you're gonna need some *serious* booking up before you can win that substantial bet ;-), it would be possible (and has been done, cypherpunkery is real!) The problem is that we don't want it as bad as the cypherpunks did. So far we've been able to resist laws that require backdoors (who knows how many backdoors are there by bribery or other skullduggery, but it's not *legal*). So for some things we can win. But if we want really secure mail, as secure as for financial networks (which aren't perfect but they do OK), we're going to have to pay for it, and the average bloke isn't interested. They'd rather be outraged when their secrets get blabbed and their brother-in-law who actually did the dirty deed says "wasn't me, was some 400-lb-hacker-in-Mom's-basement".
Anyone who thinks their unencrypted emails are in any way secure on the open internet is, unfortunately SADLY mistaken.
This is true. Security by obscurity works up to a point, but if you ever get targeted by the FBI you're toast.
P.S. PERHAPS someone reading this has the energy and gumption to change this?! I sure hope so! ...I've been using email for 47 years now, I did my part, I tried hard, it's up to younger generations to carry it forward now. But I'll be happy to assist anyone else's efforts on this!
I'm not volunteering for the hacking part, but if somebody eligible for GSoC wants to propose it, and the mentors like the proposal, I'll mentor it.
Steve