| "I think it's because there still isn't a good metaphor that covers up the complexity of public key encryption. Such a metaphor is a prerequisite for a UI that the average user can comprehend." We already have that metaphor: the private inbox. People assume that their inbox is private and that nobody else can read it; public key encryption is how we ensure that is the case. The UI should treat a public key as a destination. In fact, we can set things up so that an email address is a public key, though it requires a private key generating authority: https://en.wikipedia.org/wiki/Identity_based_encryption Before dismissing this, consider the following: 1. The key generating authority can be separate from the email service. 2. We can make threshold key generation systems, so that no single entity can decrypt anyone's messages. 3. The sender picks the authority/authorities that the receiver will use. This solves one of the biggest problems with PGP: no matter how badly you want to encrypt, you need the receivers of your message to set up their public keys first. |