[liberationtech] [guardian-dev] An email service that requires GPG/PGP?

[Ali-Reza Anghaie]

Griffin,

The more this gets fleshed out on list - the more it departs from any
vestige of email and then you're basically talking about shoe-horning
a different architectural beast into a transport protocol we happen to
know. (I'm not saying ~you~ are planning that - just making an
observation of nuanced list evolution.)

You're going to end up in a place that it might be more tenable to
pursue building out better transport options for a RetroShare or Kolab
environment. Usability for new users is going to take a massive hit
with any proposal that seems to catch interest above. I therefore I
think it may be prudent to consider an encapsulated secure environment
(using RetroShare as an example) with a bridge ingress/egress to the
outside world services that gets handled like a PGP Universal setup.
Using x509 or PGP, not sure we'd care as long as the CA model of today
had nothing to do with it - or minimally involved in the external
bridging.

In a sense what I'm saying is stop even considering "secure email" an
option - we need to start having people think about their
communications and security models entirely different. And I'm afraid
that even attempting to maintain vestiges of the old environment and
~terminology~ actually does more harm than good.

This isn't to say abandon security of email - but lets tackle the
new-fangled solutions on one leg (leaving behind as much legacy as
possible) - and use political means to continue to attack the
"Internet of old" problems (e.g. email) on the other leg.

That made total sense in my head. *grimace* Cheers, -Ali