[Cryptography] What ever happened to end-to-end email encryption?

R Perlman radiajpc at gmail.com
Thu Aug 19 21:44:11 EDT 2021 

Despite PGP and S/MIME having been designed zillions of years ago, it seems
like end-to-end email encryption/integrity protection are not widely used.
Which of the following is reasonably close to the truth?

   - Of course they are widely used. I'm just not aware.
   - The usability issues were not worked out. How would a user obtain a
   public key? How would a user get a certificate? How would a user know the
   public key of someone they are receiving from/sending to?
   - It never reached critical mass…there were never enough people who
   could receive encrypted email that it was worth trying to figure out how to
   send it.
   - Big companies do not want end-to-end encryption of email. They want to
   have middleboxes be able to scan for phishing links and perhaps they are
   legally required to keep records of all email sent to or from company email
   addresses.
   - Even individual users need middleboxes to scan for spam and other
   services (such as maybe warning about dangerous links)
   - Ordinary users just aren't worried about having their email seen by
   others, at least not enough to figure out how to get an email client that
   can do encryption, obtain a key, etc.
   - Other solutions became popular, which (I think) involve a central
   server that a sender requests a secret key from, the sender encrypts with
   that secret key, and then the receiver needs to ask the central server for
   the key.  I think if a big company is using such a product, it is
   implemented in a way that lets the company see plaintext of
   all email to/from that company's email addresses.
   - People don't really know what different forms of "encrypted email"
   mean, so central-server-secret-key-style, vs end-to-end with user public
   keys, vs using TLS between mail transfer agents all count as "encrypted
   email"
   - Something else?

Thanks,
Radia Perlman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210819/b6a86cd0/attachment.htm>

More information about the cryptography mailing list