[Cryptography] What ever happened to end-to-end email encryption?

[Christian Collberg]

>
>
>    - Other solutions became popular, which (I think) involve a central
>    server that a sender requests a secret key from, the sender encrypts with
>    that secret key, and then the receiver needs to ask the central server for
>    the key.  I think if a big company is using such a product, it is
>    implemented in a way that lets the company see plaintext of
>    all email to/from that company's email addresses.
>
> I'd say "workarounds have become popular." Having to deal with lawyers and
a large tech company lately, I've seen
   * email us an encrypted PDF and tell us the key over the phone, and
   * here's a temporary account we've made for you on our truly awful
internal mail service; I will send you an alert email to your regular gmail
address whenever I email you something so you know to log in and read the
message.

Some people clearly care about confidentiality of email and would,
presumably, be willing to go through some pain to set up a reasonable
service. We're not giving even those people the necessary tools.

C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210822/aae79712/attachment.htm>