On 1/6/22 9:28 AM, Phillip Hallam-Baker wrote:
Yes, but as I understand those attacks, they occurred _after_ the received messages were stored. Even if we manage to protect messages end-to-end (from the originator's mail client until they are received by the server), keeping the sender-supplied encryption after the messages are received is a much harder problem (as I and others have pointed out). People need to be able to search through received emails.
Also I think there's widespread agreement that hop-by-hop encryption is
necessary but insufficient; we need message encryption also.
Whether there is 'widespread agreement' is irrelevant. The facts and the evidence prove that messages need to be encrypted end to end.
We spent the entire 2016 election with Trump's team attacking Clinton's handling of email. The director of the FBI despicably abused his office to join in that partisan attack. On and on and on.
Meanwhile, agents of the GRU and FSB hacked into the DNC and stole the Democrats campaign strategy off the mail server. These were passed to the Trump campaign and other emails were released through a Russian operative based in London.
It seemed that their security was so lax that attacking their
email didn't require the resources of a state-supported agency.
And I think you make a good point that it's necessary to protect
data at rest. But if the cleartext is still easily accessible by
users running insecure computers, that encryption will do little
good. If that cleartext is still accessible by users with
passwords, the encryption will do no good at all. Had the
Clinton campaign used an encrypted file store to store their
email, their email would have been exfiltrated just the same. 2FA
might have helped though.
Keith
