>> A major problems with all E2E email encryption proposals is unrelated >> to key distribution, none of the extant MUAs provide an adequate >> interface for E2E encrypted email. >> + Encrypted email is not searchable. > > Sure it is, by the recipient MUA, else the user could not read their email. > It would not be searchable by a 3rd party - which is the point of encryption. Which MUAs index content of encrypted messages? How does this work for clients that store only a cache of recent messages, or webmail? >> + Encrypted email is difficult to scan for spam and malware > > The scan would have to take place in the MUA. Firewall scanners would fail, > as they do now with S/MIME or encrypted PGP. Endpoint scans are often not nearly as effective. >> + Changing the private key can mean loss of access to email >> encrypted under the old key. > > Only if you throw away old keys. Doctor, Doctor, it hurts when I do this. > - So Do not do that :-) The mocking tone is entirely out of place. Not all MUAs support multiple recipient keys. >> + Signatures stop verifying when the signature key expires, >> even though they were valid at the the email was received. > > Again, do not throw away the old keys. An MUA should not allow a user to throw away > any key needed for any message still in the store. Yep - complex. Should not is not the same as do not. My point is and remains that E2E encryption of email is not usable with today's MUAs, progress on some of the issues is both difficult and unlikely. -- Viktor.