Deployment strategy for email+ Was: Mail is worse than everything except...

[Phillip Hallam-Baker <phill@hallambaker.com>]

On Fri, Apr 29, 2022 at 11:20 PM John R Levine <johnl@taugh.com> wrote:

> > It will certainly be an unpopular thing to say but I will say it:
> Protocols
> > wear out over time.
>
> In principle I wouldn't disagree, but in practice I don't see how we
> migrate from SMTP to SMTP++ or whatever.
>

The devil is in the deployment. That is why I have always had a deployment
plan and designed for deployment.

First: The Web succeeded, every other network hypertext scheme failed. Tim
Berners-Lee knew what he was doing, he calculated his moves. I watched him
and I am copying the same approach.

At this point, I have running code:

Demo Reel - YouTube
<https://www.youtube.com/playlist?list=PLK2hHAOxepEgZtTxX3BtkPUDIJ3--_FAu>
https://www.youtube.com/playlist?list=PLK2hHAOxepEgZtTxX3BtkPUDIJ3--_FAu

It is not a replacement for SMTP at this point. It does contain a messaging
system but that is limited to messages of 32 KB. It does not compete with
SMTP or even SMTP+S/MIME. It is a secure messaging layer for supporting
asynchronous workflow interactions. That is something which has value in
the enterprise as a basis for automating clerical processes.

One big failure in the IETF way of doing things is to limit the scope so
the deliverable doesn't come close to being a minimum viable product.
Another is that discussion of the UI is out of scope. Both doom efforts to
fail.


The Mesh is not a vast amount of code, in fact the code base has shrunk
considerably over the past three years. But the functionality is now
comprehensive. Mesh users currently get:

* An end-to-end secure password vault.
* A contacts directory that automatically updates.
* A means to secure data at rest and easily share it with their co-workers.
* Management of keys and credentials over all their user and IoT devices.
* End to end secure sharing of bookmarks, network configs, application
credentials across devices.
* Provisioning of OpenPGP and S/MIME keys.
* A 2FA replacement that is better than anything on the market today.

I am currently working on adding:

* The ability to create life-long callsigns that do not expire and do not
require 'rent'.
* An end to end secure messaging client with text, voice and video
modalities.
* A GUI management tool to replace the linemode.
* A Web browser that has the bookmark and password management integrated.

My profound gratitude to the folk at Microsoft whose .NET7, MAUI and
WebView2 platforms enable me to produce demoware that is close to
production quality in a remarkably short space of time. The first iteration
of the Web Browser took less than a day and the skeleton was up in under an
hour.


The big difference between my work and others in the industry is that I
have no shareholders. I am not building a walled garden designed to acquire
a group of users and bind them to my service. Mesh accounts are fully
portable. There are no switching costs. If Alice decides she is fed up with
service from Mathmesh.com, she can move to a rival and take all her data
with her. The contact details and forwarding addresses all update
automatically.


You know as well as anyone that for decades people have been saying e-mail
> is dead, everyone uses X instead, but the X keeps changing and e-mail is
> still around.
>


And here is how I plan to unthrone SMTP.

First get people to make use of my contacts book to exchange signed context
assertions which can include the credentials required to establish
end-to-end secure communications by means of any messaging, chat, mail etc
protocol. So your Skype, Signal, WhatsApp, SMTP, OpenPGP, SSH, S/MIME etc
contact info can all be presented in a contact.

[NB, this email is going to be too long as it is without folk quibbling
about whatifs. Yes Alice can create separate contacts so she only exposes
her email address and phone number to a select number of important
contacts.]
Alice and Bob can exchange contact information in various ways. They can do
so directly if they meet in person and bump phones. There used to be a
wonderful app for that until Yahoo bought it up and shuttered it. Yes,
iPhones can bump to iPhones via airdrop but that is a walled garden.

Alternatively Alice can put a QR code on her business card and Bob can scan
it. Alice can send Bob an email with a link.

Support for cases where Alice and Bob interact directly is relatively
straightforward. But for cases where there is an employer, I need PKIX
style capabilities. And for cases where Bob is going to get Alice's contact
information from Carol, I need a really short, really easy to use
identifier with the absolute minimum of clutter. Which is where my callsign
registry comes in. This allows Carol to tell Bob to contact @alice.


So at this point, if everyone is using my contacts book, the conditions
have been created that make the emergence of SMTP+ inevitable. Because
Alice's contact details will contain both her RFC822 SMTP address and the
contact details for email+.

The way I see email+ initially getting traction is within enterprises. 80%
of the employees in most large enterprises have little or no email
interaction with external users in an enterprise setting. So having one
email protocol for internal emails and a separate protocol for external
communications is entirely practical. In fact this is already the case with
Outlook and Exchange. Adding an extra protocol handler to Outlook and
Thunderbird is actually pretty straightforward.


Once the switching costs for deploying a new email protocol are addressed,
the only thing we need to add is some advantage for the new scheme. This is
really not a problem. Mesh Messaging is limited to 32KB but messages can
contain a link to an attachment of any size. So while I don't have code
yet, I know what advantages Mesh Mail can provide:

* Every mail is signed, no spam impersonating the ceo
* Every mail is end-to-end encrypted
* Every mail is subject to access control, no spam from unauthorized parties
* Mail messages can be of any size because large messages are pulled, not
pushed.
* Mail messages integrate into workflow.


If this type of open, mail messaging scheme gains ground inside
enterprises, it will start being used between enterprises as well.

Seems worth a shot.


PHB