[Cryptography] What ever happened to end-to-end email encryption?

Henry Baker hbaker1 at pipeline.com
Sat Aug 21 09:44:56 EDT 2021


Hi Radia:

It's even worse than that.

Check out this recent USENIX paper on STARTTLS in SMTP & IMAP; many email providers & email clients still can't achieve the basic requirement to not send email passwords in the clear.

https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak

And we still blame the Russians for hacking emails?

-----Original Message-----
From: R Perlman <radiajpc at gmail.com>
Sent: Aug 19, 2021 6:44 PM
To: <cryptography at metzdowd.com>
Subject: [Cryptography] What ever happened to end-to-end email encryption?

Despite PGP and S/MIME having been designed zillions of years ago, it seems like end-to-end email encryption/integrity protection are not widely used. Which of the following is reasonably close to the truth?
- Of course they are widely used. I'm just not aware.
- The usability issues were not worked out. How would a user obtain a public key? How would a user get a certificate? How would a user know the public key of someone they are receiving from/sending to?
- It never reached critical mass…there were never enough people who could receive encrypted email that it was worth trying to figure out how to send it.
- Big companies do not want end-to-end encryption of email. They want to have middleboxes be able to scan for phishing links and perhaps they are legally required to keep records of all email sent to or from company email addresses.
- Even individual users need middleboxes to scan for spam and other services (such as maybe warning about dangerous links).
- Ordinary users just aren't worried about having their email seen by others, at least not enough to figure out how to get an email client that can do encryption, obtain a key, etc.
- Other solutions became popular, which (I think) involve a central server that a sender requests a secret key from, the sender encrypts with that secret key, and then the receiver needs to ask the central server for the key. I think if a big company is using such a product, it is implemented in a way that lets the company see plaintext of all email to/from that company's email addresses.
- People don't really know what different forms of "encrypted email" mean, so central-server-secret-key-style, vs end-to-end with user public keys, vs using TLS between mail transfer agents all count as "encrypted email".
- Something else?

Thanks,
Radia Perlman


