The problem with S/MIME is that it is strictly hierarchical. That already hasn't worked well for TLS.
The aim of email encryption is in a large part to prevent government-level parties from reading the emails. It doesn't really make sense to then go back to a system controlled by the very same parties.
OpenPGP's web-of-trust model seems more appropriate.
But both approaches share a significant number of problems, so...
Here are some problems, off the top of my head, in no particular order:
- Subjects can't be encrypted.
- Encrypted mailing lists are complicated. Do you reencrypt in the middle? What software do you use? The mailing list manager you use right now probably doesn't support it.
- Enigmail still doesn't support storing e-mails decrypted*. As a consequence, full-text search doesn't work.
- There's also S/MIME.
- There's no software to manage public/private keys enterprise-wide.
- Legitimate server-side email retention requirements for enterprises
- Many people are quite alright with "most other people won't be able to read my email; maybe governments can".
- Most emails quite simply aren't that important.
- How do you deal with lost keys?
- Webmailers
- Often, as a sender at a company, you cannot afford to inconvenience contacts.
- No easy way to synchronize keyrings.
- Server-side spam filtering not possible
- Out-of-office auto-forwarding
- The other side uses Gmail.
- Your mother keeps asking why you aren't on WhatsApp.
- The "metadata" (who mails whom? when? how long are the emails?) is quite telling.
Please solve all of these.
Sorry for the unreadable list. Thank pg for the shitty markup format.
Well, there is one option for funding websites. I'm sure ingenious people will come up with dozens more. Instead of how it is now where they are forced to squander their creativity making sites that are ad-funded.
Not all of the web is ad-funded, and it's just a matter of us giving that part of the web a chance.
I actually asked a question concerning Chinese intelligence gathering on US entities which by extension relates to Snowden. Why would the Chinese spy so heavily in the US, but pass up US secrets that are practically on their doorstep?
I'm guessing you're not aware that top secret clearances more often than not require "code words" and you are read in, aka given access to said code words, on a strictly need-to-know basis. Some code words themselves are classified. Having a top secret clearance does by no possible way grant you access to everything like, say, the US nuclear defense details.
>Because if they are "heavily" spying on the U.S., they already knew all what Snowden had, and more.
We don't know this, and how would the Chinese know specifically what Snowden has? Do you have anything to suggest that they did?
>How many gov employees + contractors have top security clearances in the US? That's how.
This doesn't say much. Just because you have a clearance doesn't mean you have access to classified documents. In the military, for example, almost all aircraft maintainers have a secret clearance and they just fix tires.
Yes, but it's easier to teach admins to never use "PermitRootLogin yes" "because it's bad for security" than to teach them to never use weak passwords.