[Cryptography] What ever happened to end-to-end email encryption?

Lanlan Pan abbypan at gmail.com
Sat Aug 21 23:09:09 EDT 2021


Peter Fairbrother <peter at tsto.co.uk> 于2021年8月22日周日 上午10:44写道:

> On 20/08/2021 02:44, R Perlman wrote:
> > Despite PGP and S/MIME having been designed zillions of years ago, it
> > seems like end-to-end email encryption/integrity protection are not
> > widely used. Which of the following is reasonably close to the truth?
>
> Couple of things, but first and foremost, overriding all else, there is
> the usability issue. PGP and S/MIME are almost impossible for a learner
> user to use.
>
> The eighth law: A system which is hard to use will be misused, abused
> and underused. It isn't called a law for nothing, you can't get away
> with breaking it.
>
>
> Second, while there is are use-cases for end-to-end encrypted email (eg
> for medical stuff, but plenty more), there are also use cases for
> unencrypted email - ease of use again being an issue, but also spam
> filtering, users often don't care about confidentiality (and email is
> reasonably private, fsvo "reasonably", anyway), or the subject matter
> isn't at all confidential (eg this email), and so on.
>

> And don't forget the data-grabbing aspects: Google don't provide free
> gmail accounts for fun.
>
The mail service should be easy to use.
If mail is end-to-end encrypted, it is complex to the web browser only
environment.
Therefore, there should be a trusted terminal to access and decrypt. The
"trusted terminal" should be checked by the authenticated server. It may
depend on Google/Apple's account system to distribute the public key +  and
end-to-end to sync the private key between user's trusted terminals.
And the spam filtering has to be done on the terminal.

>
> So email fills the postcard market (and a few other similar ones), but
> we don't have anything widespread like the sealed letter market.
>
> Which is a shame, but before you can address that you have to sort out
> the usability issues.
>
> End-to-end encrypted email (or some other form of stored messaging, but
> it would be convenient to build it on top of the email format if
> possible) could be implemented in a user-friendly manner, but so far
> no-one has done it.
>
> How to do it is another discussion, but this is my take on why it isn't
> happening.
>
>
> Peter Fairbrother
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> https://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210822/28afbf93/attachment.htm>


More information about the cryptography mailing list