Supposedly crypto is fashionable. However, if you do crypto as a statement, you don’t actually write anything in email that’s actually secret. The signature is mostly a statement that you care enough to install EnigMail and get it working.
For many purposes, I don’t want people asking me about crypto, so I won’t GPG sign email to these people. I would need to know that someone is savvy to GPG before I would write that person a GPG-signed email.
It’s not always practical to USE the technologies associated with liberty. Sometimes you just have to familiarize yourself with them first.
For example, Enigmail likes to generate revocation certificates. That’s a nice idea. It’s a nice file to have. If I don’t sign anything important, I can practice revocation as an information-technology exercise.
Presumably there are real security professionals who use revocation certificates in the real world, but right now I can barely imagine that level of technical literacy. It’s a bit of a shock when one thinks that in a few short years the general public might be using similar revocation certificates for real-world purposes, not just for academic exercises.
Recently I have heard of the “Dark Mail Alliance,” but I suppose that their product will not be available for months or years.
This would be great if lots of people used it.
Silent Circle and Lavabit don’t plan to offer the technology exclusively. On the contrary, the source code of the software will be made public for anyone to scrutinize and audit, and the team is hoping that other email providers will be willing to join the Dark Mail Alliance. The more companies that do, the more secure email will become.
“Our vision is three or four years from now that this will become email 3.0—the way the majority of Internet users email,” says Mike Janke, Silent Circle’s CEO.