[Cryptography] What ever happened to end-to-end email encryption?

Brian Gladman brg at gladman.plus.com
Mon Aug 23 04:21:51 EDT 2021


On 20/08/2021 02:44, R Perlman wrote:
> Despite PGP and S/MIME having been designed zillions of years ago, it 
> seems like end-to-end email encryption/integrity protection are not 
> widely used. Which of the following is reasonably close to the truth?

[snip list]

Having been in the information security business for 40+ years, one of 
the principles I believe in is that, in contemplating systems involving 
functionality, security and scale, we can have at most two of these 
three properties.

And the sad fact is that people consistently prefer functionality over 
security and this means that anything that is only effective if deployed 
at scale will inevitably be insecure (in the sense of achieving a high 
level of security).

We see this all the time. For example, when mobile phones were 
introduced they were necessarily deployed at scale but they had very 
limited functionality and could have achieved a reasonable level of 
security if users had wanted it.  But it was functionality that phone 
users wanted and we have now ended up with mobiles that exhibit all the 
security weaknesses of personal computers.

And email systems exhibit the same evolutionary path towards increased 
functionality at the expense of their potential to offer security.

And if this wasn't bad enough, we then have the actions of governments, 
most of which don't want 'security for the masses' and some of which 
actively act to undermine it.

    Brian Gladman

