[Cryptography] Email is unsecurable

Viktor Dukhovni cryptography at dukhovni.org
Mon Nov 25 10:05:00 EST 2013 

On Mon, Nov 25, 2013 at 09:01:31AM +0300, ianG wrote:

> >Yes, but it's about time we do something about that. Do we *exactly know
> >why* it is such a failure?

The "failure" is easy to understand.  E-mail is not just ephemeral
correspondence within your existing network of direct acquaintances.

It is not too difficult to design instant-messaging systems that
support end-to-end encryption.  Perhaps Skype was once approximately
such a system.  It is less clear that such systems will be competitive
against the existing IM systems from the free consumer providers
whose service is monitored users sold to advertisers.

E-mail is basically business correspondence.

    - E-mail is stored.
    - E-mail is sent to many people outside your personal social network.
    - Business recipients of email are often subject to corporate and/or
      regulatory policy constraints that are in conflict with end-to-end
      encryption.

The above list of features can be greatly expanded, and the
consequences elaborated, but I doubt may on this list truly need
to be re-educated about email.

So I will confidently predict that end-to-end secure email will
remain a niche service used by a tiny minority.

For the rest of the world, what we may be able to secure is the
SMTP hop-by-hop transport with TLS and DANE (provided we can get
DNSSEC off the ground).

Even businesses that one might expect to implement at least encryption
to the "gateway", are in many cases choosing to out-source their
gateway to 3rd-party providers (anti-spam and anti-virus offerings
only work with un-encrypted email, and in many cases the provider
also operates the entire mail store).

Security of stored email will at best be a service offered at the
recipient's mailstore, which encrypts all incoming mail to the
recipient's public key just before it is stored.

I say "at best", because most users will not choose this option.

    - This precludes server-side search.
    - This precludes advertising supported web access, so users
      might have to *pay* for a service which is more secure, but
      offers less convenience.
    - A complacent public does not perceive pervasive surveillance
      as a personal threat.

So my prediction is that end-to-end secure communication will be
possible by various means, but for most people email will not be
where they encounter end-to-end security.

-- 
	Viktor.

P.S.

I use S/MIME successfully within a circle of 3-people all of whom
receive their email @dukhovni.org.  S/MIME is hardly needed, the
mail never leaves the submission server, which delivers it locally.

More information about the cryptography mailing list