English isn’t my first language so I might be using “inherently” incorrectly, but I thought it means:
in a way that exists as a natural or basic part of something
So in its basic and natural form, email is not secure. It wasn’t designed as such. Full E2E encryption was only implemented recently by certain providers within their own domains, and won’t work across the board unless all of them cooperate, which won’t happen.
“Inherently” means essentially “no matter how you do it”. If you use an encrypted email provider to send a message to another user on another encrypted email provider, it’s perfectly secure. Ergo, it’s not “inherent”.
Full E2E encryption was only implemented recently by certain providers within their own domains
It definitely works across domains. All you have to do is point your domain at your preferred secure email provider.
@jimmy90@zeppo For sure. One major lesson off the top of my head is with ActivityPub is how errors are presented. I’ve written software to fiddle around with ActivityPub and found servers have terrible - if any - error messages.SMTP provides a bunch of standardised status codes that servers can give back to you, along with diagnostic info. In theory this is possible with apub but in practice it is not addressed at all.
fair enough, i wonder if there are lessons to learn from email that can help the fediverse
Well for one, email is inherently insecure, so not sure if the fediverse can learn from that. It’s already not private.
It’s not inherently insecure. There are secure email services but all parties have to be using it.
Exactly, that was my point. Email as it is, is insecure, because you can’t encrypt it and make it work universally unless everyone else does.
Exactly, that was my point. That means it is not inherently insecure.
English isn’t my first language so I might be using “inherently” incorrectly, but I thought it means:
So in its basic and natural form, email is not secure. It wasn’t designed as such. Full E2E encryption was only implemented recently by certain providers within their own domains, and won’t work across the board unless all of them cooperate, which won’t happen.
“Inherently” means essentially “no matter how you do it”. If you use an encrypted email provider to send a message to another user on another encrypted email provider, it’s perfectly secure. Ergo, it’s not “inherent”.
It definitely works across domains. All you have to do is point your domain at your preferred secure email provider.
It doesn’t need to.
@jimmy90 @zeppo For sure. One major lesson off the top of my head is with ActivityPub is how errors are presented. I’ve written software to fiddle around with ActivityPub and found servers have terrible - if any - error messages. SMTP provides a bunch of standardised status codes that servers can give back to you, along with diagnostic info. In theory this is possible with apub but in practice it is not addressed at all.
@fediverse