Email and Paper
Currently in the business world, paper reigns supreme. The stats that companies come out with on how many emails are sent per day can safely be ignored because of the one caveat of email: most businesses and government agencies will only accept originals of documents or copies that have been authorised.
With the advent of digital signatures (and yes, this is from years ago) you could now establish proper trust around email and its contents. It is possible, using a “Web of Trust” model, to properly show and audit the validity of any given email. The ability to do this applies to most digital media. That is, we can sign or encrypt anything digital, but in this article email is the primary subject.
The problem that I see with digital signatures and encryption keys is the fact that they are not easy to set up. Getting a key for your email address is not a simple task for the ordinary user and continues to be so years after PKI came about. Outlook, Thunderbird and Opera (as examples) do not make the procedure any easier for “my mom”. For the ordinary user, the process for importing a digital signature is simply too big a wall to climb and results in a very low rate of signup for keys and even fewer realising the value in them.
My thinking on this is twofold. The first part is to make it “compulsory” for domain owners to provide digital signatures and keys to every mail client. This can be started at the webmail providers. Hotmail, Gmail and Yahoo should all provide a digital signature on startup and allow the users to sign email and easily import their contacts’ keys on receiving an email from them. This will at the very least raise the level of awareness in PKI.
Secondly, email clients need to make the ability to create and import a key seamless. There is nothing stopping Microsoft or Mozilla from partnering with a PKI supplier such as OpenCert, Thawte or Verisign to allow keys to be created within the mail client and seamlessly integrated with it, without the user ever leaving the mail client.
If these two objectives can be met, the amount of email being sent that is either signed or encrypted will hopefully increase at an exponential rate. The more people rely on the PKI to ensure that the email they are receiving is either unaltered or has not been read by anyone else, the more pressure can be put onto businesses to accept emails as official documentation.
This article seems a little sugar-coated to me, but it does put my point across.