Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Okay, Harry, let us know when you're done with that :-) I suspect most of the rest of us would prefer the perfect not be an enemy of the good.


In encryption there is no "good": it is either "perfectly working" or "fundamentally compromised".

If there is only a small flaw in an encryption system, be assured that it will be exploited to break down the whole system. A simple example are all the issues with random number generators producing not perfectly random numbers; yes, it is just a slight problem in an otherwise good solution but that problem completely debases the overall system.


Yes gioele, I know. But we're not talking about flaws in the mailpile cryptosystem. Obviously their implementation of GPG will have to be professionally vetted. The other flaws (vulnerability to traffic analysis, reliance upon the recipient to store the message contents securely), are, to put it mildly, very hard to solve with email in its current incarnation. Taking the piss out of the mailpile folks because they don't solve these issues seems churlish at best.

With luck, they'll deliver a good, self-hosted gmail replacement with a secure mail store that's easy for folks to install on their own. That's surely a step forward.


Not really. NSA already use their mail mass-dumps mostly for aggregated analysis, to pinpoint networks of interlinked individuals which they can then pass to other agencies for parallel construction.

Mailpile will not change that.

At the very least, we need metadata encryption right about now.


I don't disagree with your last statement, but I also wish to point out that there are, believe it or not, other reasons to encrypt email that do not involve the NSA.


That is not correct. There can exist flaws that cause loss of entropy that do not entirely compromise a cryptosystem.


I have no desire to solve the problem. If I wanted to be an evil terrorist and blow shit up, which I don't, I'd quite happily do it without communicating with people.

As for good, it's not even that. See my comment here: https://news.ycombinator.com/item?id=6244196

Also, bear in mind I had the unfortunate job of designing and running ISP mail systems for a number of years so I know the whole stack inside out.


Actually, I don't believe you when you say you have no desire to solve the problem. Your referenced comment suggests otherwise.

Taking the piss out of the mailpile folks is probably professionally satisfying, on some level, but I think you have to admit that, once your done, we're still left with a fundamental problem. Your objections are perfectly correct, but surely you can appreciate the frustration when folks who should know what they're doing can only contribute a, "well, someone else should design a new email system with these features." Thanks for the help.

Yes, it is not perfect. Yes, traffic analysis is still a problem. Yes, it has not yet been vetted (because it doesn't really exist yet, which I think you have to admit is a pretty good reason). Still, it's better than flapping your arms about, helpfully declaring, "THE PROBLEM IS UNSOLVABLE!!"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: