On Wed, Jan 05, 2022 at 11:00:07PM -0500, Keith Moore wrote:
> Also I think there's widespread agreement that hop-by-hop encryption is
> necessary but insufficient; we need message encryption also.
This is often said, but rarely seriously meant, and I don't think it
amounts to "widespread agreement". There's been little progress or
likelihood thereof towards making E2E encrypted email usable.
> Agree with you that the sender, rather than any recipients, should be
> the one to determine whether a message requires encryption. Of course
> nothing stops any sender today from encrypting outgoing messages, other
> than a lack of support by most recipients MUAs and the difficulty of
> obtaining and verifying recipients' public keys.
As mentioned earlier, the public key distribution is one barrier, but
far more serious is that encrypted email is largely unusable once
received. Point in time decryption is fine for ephemeral messages, but
I expect to be able to find and read email years or decades later, and
here S/MIME and PGP fail rather badly.
--
Viktor.
