Carl said:
Isn't it time for cypherpunks-who-write-code to respond to this obvious customer need?
I have no mailer myself but I do have a friend who produces one and I'm helping him to incorporate PGP seamlessly. It's taking a long time but it should be worth it.
Anyone else out there with their own mailer?
I've fooled around with writing a mailer, and I ran up against a few walls. The biggest one was my not being the world's greatest programmer, and not knowing much about email systems. But there are other problems as well, that I think would plague anyone who tries to write a mailer. The goal that I was working for was pretty straight forward: some sort of a secure system that would be as transparent as possible. Ideally, it would work just like elm or pine or eudora: you'd just say "I want to send mail to so-and-so", and all the rest would happen automatically. The mail would be encrypted, your signature would be affixed, the recipient wouldn't have to worry about decrypting the mail, and there'd be some small little indicator on his status bar that said the signature was good. The first thing I realized when I started fooling around with this is that my basic design, which was modeled on a QWK packet offline reader, wasn't practical. Why? First of all, all of the crypto work has to be done on a machine controlled by the user. This is obvious, and it's the reason I wanted to go QWK style in the first place. But think about what happens if you dl a packet of incoming mail. Inside, you've got a letter from someone you've never met before, and it's signed. How can you verify the signature? Right now, people don't use secure mail for day to day traffic because it's too much of a hassle. You can write a mailer to automate encryption and decryption, affixing and verifying signatures. But you're still going to have to require users to hunt down keys, decide if they want to trust them, and load them onto their key rings. That's enough hassle for most people to stick with elm. It seems to me that a prerequisite for a transparent, secure mail system is an efficient, interactive, IP based key distribution system. It would have to be distributed, at least if we were serious, because it would have to be able to handle several million people's keys. And the web of trust would have to be such that keys could be accepted (or rejected) automatically, without human intervention. If such a system of keyservers existed, it's not hard to imagine really useful secure mail systems, although implementing them would still be an awful lot of work. Sendmail could be configured to feed mail through programs to handle the crypto work on single user unix machines (or even on multi-user machines, if the users trusted the sysadmin), and some sort of a secure pop system could be developed for other people. But this would be a very big project, and would necessitate agreements on standards, etc.