Saturday, December 08, 2007

 

Thoughts on Email Encryption

Could vendors in the email space such as Zimbra, Microsoft, HushMail, IronPort, PGP, GNUPG< ZixMail, Tumbleweed and others do more to increase email security?



Standards such as S/MIME have been around for awhile now but otherwise aren't pervasively used. The main problem with email encryption is that you have to have the public key of the recipient and send time, yet there is no great way to discover it.

Maybe the problem could be decomposed into several chunks. First, let's address the notion of discovery which seems to be for the most part addressed with technologies such as Information Cards and OpenID. Sadly, the identity community members such as Kim Cameron, Johannes Ernst, Jeff Bohren, Pat Patterson, Dick Hardt and others seem to be focused solely on web applications being consumers. What if they could apply their thinking on discovery to the email problem space?

Of course the second component would be the need for federated directory services which Mark Wilcox and Nishant Kaushik seem to have wonderful solutions that would only need slight modification in order to make this reality. Finally, if the folks over at Microsoft could get the Exchange Team to either dynamically lookup or at least store external keys, then the solution would be complete.

Would be curious to hear from others why no one is interested in having a larger conversation?







<< Home
| | View blog reactions


This page is powered by Blogger. Isn't yours?