[ih] email at scale

[John Kristoff]

On Tue, May 15, 2012 at 04:39:09AM +0000, paul vixie wrote:
> noting, i'm a happy user of pgp, but i have only 2*10^3 keys in my key
> ring, whereas there are 2*10^9 internet users today out of a worldwide
> population of 6*10^9. i don't think we're going to get where we need
> to go using pgp, nor anything like pgp.

Hi Paul,

You statement seems to imply a false premise of everyone wanting or even
needing to have each end have a key ring of 2*10^9, but I'd like to
suggest that need not be the case.

We seem to have at least some success, albeit imperfect, with some well
known starting point(s) like we have with X.509 certificates and are
getting DNSSEC.  Just as you have only a few hundred PGP keys, so to do
typical HTTPS and DNSSEC ends only need to know about a subset of
certificates or keys respectively.  Maybe something like PGP just lacks
that widely agreed upon and ubiquitous entry point into the web of
trust?  And maybe we just need to find a compelling way to get that part
done.

I'm not optimistic it can happen, because too often someone needs to
come up with a business plan that will ultimately make someone some
money while convincing a large population of users that they should use
this technology.  Unfortunately convincing people to apply some advanced
authentication and crypto to their communications is just doesn't seem
as important to the average user as being able to see what their high
school acquaintance had for lunch yesterday.

John