[Cryptography] What ever happened to end-to-end email encryption?

Peter Fairbrother peter at tsto.co.uk
Sat Aug 21 01:11:12 EDT 2021


On 20/08/2021 02:44, R Perlman wrote:
> Despite PGP and S/MIME having been designed zillions of years ago, it 
> seems like end-to-end email encryption/integrity protection are not 
> widely used. Which of the following is reasonably close to the truth?

Couple of things, but first and foremost, overriding all else, there is 
the usability issue. PGP and S/MIME are almost impossible for a learner 
user to use.

The eighth law: A system which is hard to use will be misused, abused 
and underused. It isn't called a law for nothing; you can't get away 
with breaking it.


Second, while there are use cases for end-to-end encrypted email (eg 
for medical stuff, but plenty more), there are also use cases for 
unencrypted email - ease of use again being an issue, but also spam 
filtering; users often don't care about confidentiality (and email is 
reasonably private, fsvo "reasonably", anyway), or the subject matter 
isn't at all confidential (eg this email); and so on.

And don't forget the data-grabbing aspects: Google don't provide free 
gmail accounts for fun.

So email fills the postcard market (and a few other similar ones), but 
we don't have anything widespread like the sealed letter market.

Which is a shame, but before you can address that you have to sort out 
the usability issues.

End-to-end encrypted email (or some other form of stored messaging, but 
it would be convenient to build it on top of the email format if 
possible) could be implemented in a user-friendly manner, but so far 
no-one has done it.

How to do it is another discussion, but this is my take on why it isn't 
happening.


Peter Fairbrother
