i think it might in theory

  • jimmy90@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    4
    ·
    10 months ago

    fair enough, i wonder if there are lessons to learn from email that can help the fediverse

    • edric@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      3
      ·
      10 months ago

      Well for one, email is inherently insecure, so not sure if the fediverse can learn from that. It’s already not private.

      • helenslunch@feddit.nl
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        10 months ago

        It’s not inherently insecure. There are secure email services but all parties have to be using it.

        • edric@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          10 months ago

          Exactly, that was my point. Email as it is, is insecure, because you can’t encrypt it and make it work universally unless everyone else does.

            • edric@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              10 months ago

              English isn’t my first language so I might be using “inherently” incorrectly, but I thought it means:

              in a way that exists as a natural or basic part of something

              So in its basic and natural form, email is not secure. It wasn’t designed as such. Full E2E encryption was only implemented recently by certain providers within their own domains, and won’t work across the board unless all of them cooperate, which won’t happen.

              • helenslunch@feddit.nl
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                10 months ago

                “Inherently” means essentially “no matter how you do it”. If you use an encrypted email provider to send a message to another user on another encrypted email provider, it’s perfectly secure. Ergo, it’s not “inherent”.

                Full E2E encryption was only implemented recently by certain providers within their own domains

                It definitely works across domains. All you have to do is point your domain at your preferred secure email provider.

                and won’t work across the board

                It doesn’t need to.

    • Oliver Lowe@hachyderm.io
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      10 months ago

      @jimmy90 @zeppo For sure. One major lesson off the top of my head is with ActivityPub is how errors are presented. I’ve written software to fiddle around with ActivityPub and found servers have terrible - if any - error messages. SMTP provides a bunch of standardised status codes that servers can give back to you, along with diagnostic info. In theory this is possible with apub but in practice it is not addressed at all.

      @fediverse