[Cryptography] What ever happened to end-to-end email encryption?
Peter Fairbrother
peter at tsto.co.uk
Sat Aug 21 01:11:12 EDT 2021

On 20/08/2021 02:44, R Perlman wrote:
> Despite PGP and S/MIME having been designed zillions of years ago, it
> seems like end-to-end email encryption/integrity protection are not
> widely used. Which of the following is reasonably close to the truth?

Couple of things, but first and foremost, overriding all else, there is
the usability issue. PGP and S/MIME are almost impossible for a learner
user to use.

The eighth law: A system which is hard to use will be misused, abused
and underused. It isn't called a law for nothing, you can't get away
with breaking it.

Second, while there are use-cases for end-to-end encrypted email (eg
for medical stuff, but plenty more), there are also use cases for
unencrypted email - ease of use again being an issue, but also spam
filtering, users often don't care about confidentiality (and email is
reasonably private, fsvo "reasonably", anyway), or the subject matter
isn't at all confidential (eg this email), and so on.

And don't forget the data-grabbing aspects: Google don't provide free
gmail accounts for fun.

So email fills the postcard market (and a few other similar ones), but
we don't have anything widespread like the sealed letter market.

Which is a shame, but before you can address that you have to sort out
the usability issues.

End-to-end encrypted email (or some other form of stored messaging, but
it would be convenient to build it on top of the email format if
possible) could be implemented in a user-friendly manner, but so far
no-one has done it.

How to do it is another discussion, but this is my take on why it isn't
happening.

Peter Fairbrother