There was a thread on Hacker News today about a topic that’s somewhat dear to me, and to which I’ve devoted a fair amount of thought: what will it take to get people using PGP for email?
Most of the comments in the thread echoed things I already knew: in a nutshell, PGP is difficult to use, and it doesn’t offer enough protection (specifically, metadata including subject/to/from is not encrypted) given what we now know about government surveillance. I wrote a comment pointing to Adam Langley’s proposal for a new asynchronous messaging system, Pond, as a solution, but the more I think about it the more I realize that Pond (as it currently stands) is missing some pieces, too.
The problems with email are multifold:
1. It’s not encrypted
2. It’s spoofable (to some degree)
3. It leaks a ton of metadata (especially from/to addresses)
4. There’s lots of spam
However, email also does a lot of things right (or at least, it derives great value from certain properties):
1. It’s asynchronous
2. Users/accounts may have multiple clients, and specifically the entire inbox is accessible from any client (not strictly a feature of the protocol, but the protocol enables it and it’s an important use case)
3. It’s de-centralized
4. It’s easy to address multiple recipients
5. It’s easy to share necessary contact information (i.e. email addresses)
6. It’s easy to share files
Pond eliminates “cons” 1 through 4, and keeps “pros” 1, 3 and 6, but “pros” 2, 4, and 5 are kind of left hanging. Point 2 (“inbox is accessible from anywhere”) nullifies Pond’s noble goal of perfect forward secrecy to some extent, and so Langley specifically dictates a convention where messages are to be deleted within 1 week of receipt. That policy is consistent with the goal of perfect forward secrecy, but it ignores the way email is currently used by most people (and especially most business users): archive as much as possible, and make sure it’s easily searchable later. So realistically, while PFS is great for data in motion, it’s not so useful for data at rest in a widespread replacement for email (and, in fairness, Pond stakes no claim to that). Similarly, points 4 and 5 seem to simply be beyond the scope of Pond’s initial vision, but I think they would be a necessary part of a system that could replace email.
So, the mythical set of features I would want in a system that replaces email:
- Encrypted (end-to-end, with PFS for at least the transport)
- “Partly closed”
- Archived, searchable inbox
- Easy to share files
- Easy to address multiple recipients
- Easy to share contact information
Points 3 and 9 basically allude to the idea that it should still be easy to share contact information (i.e. print it on a business card, put it on a website) but that it would be impossible to send someone a message unless they accept you as a contact, thus essentially eliminating spam.
Pond is really, really close to nailing all of those points. In fact, it may even be possible to build such a system as an extension on top of Pond as it currently exists. Adding mythical feature number 6 might be as simple as modifying the convention to state that the sender can set a flag requesting deletion after a given period (which, of course, the recipient would still be able to ignore, but it would at least offer users a way to define their own expectations for different genres of correspondence). Features 3 and 8 would depend on the implementation of 9, which is the trickiest by far, because feature number 9 touches on the issues surrounding key exchange and trusted parties.
Essentially, in order for it to be easy to share contact information in a system featuring end-to-end encryption, it needs to be easy to share encryption keys (and, to meet our usability criteria, it needs to happen in a way that’s optionally invisible to the end user—they need to be able to share a “new kind of email” address and have the system automatically figure out the most trusted way of communicating with that address). I haven’t looked into Pond deeply enough yet to have an idea for how that could be accomplished; a “web of trust” system would be ideal but it would probably expose network information, which is undesirable. I’ll probably end up thinking about it more in the next few days.