

Thunderbird and end-to-end email encryption – should this be a priority? - slasaus
https://blog.mozilla.org/thunderbird/2015/08/thunderbird-and-end-to-end-email-encryption-should-this-be-a-priority/#comment-939

======
agd
I think this misses two main arguments for increased use of end to end
encryption.

1. It reduces the behavioural entropy of people who really need it
(journalists, lawyers etc)

2. It makes mass surveillance much harder.

Yes, if the NSA/FBI are after you, they can access your devices directly. But
ubiquitous strong encryption is still a Good Thing.

~~~
ethbro
Exactly. Imho, the true nuances of the outrage over NSA collection were never
that they could do it. That was assumed. It was that they could and were doing
it to (for all intents) _everything_.

Herd encryption isn't intended to make it impossible for them to gather
intelligence. It's intended to make it impossible for them to indiscriminately
gather dragnet intelligence.

------
datashovel
I think the end-to-end encryption of email is an important problem, but even
more important (IMO) is that email is no longer decentralized by any
reasonable standard.

The reason, if I had to guess, is probably primarily because of spam. But
these days, with ubiquity of high quality encryption standards in place in
most other realms of the web, why not in the validation of email transmission
between servers?

Here's an idea. Even if we generally still only have encryption at the
protocol level in email, why not incorporate a new header into the email
message itself (let's call it signature). Now anyone who deploys their own
email server can deploy their public key(s) for email in a TXT record in DNS,
and any recipient of email can now (for most practical purposes, without
substantial work on the part of the malicious hacker) guarantee that the
message was sent by who the sending server says it was sent by.

I think a wide-spread open standard as simple as this could help re-
decentralize email while not causing additional fear that spam will again make
our lives miserable.

~~~
slasaus
Isn't that exactly what DKIM is?

"DomainKeys Identified Mail (DKIM) permits a person, role, or organization
that owns the signing domain to claim some responsibility for a message by
associating the domain with the message. This can be an author's organization,
an operational relay, or one of their agents. DKIM separates the question of
the identity of the Signer of the message from the purported author of the
message. Assertion of responsibility is validated through a cryptographic
signature and by querying the Signer's domain directly to retrieve the
appropriate public key. Message transit from author to recipient is through
relays that typically make no substantive change to the message content and
thus preserve the DKIM signature."

[https://tools.ietf.org/html/rfc6376](https://tools.ietf.org/html/rfc6376)

~~~
datashovel
Yes :)
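
Added example, not part of the thread or of any participant's post: the receiver-side steps from the RFC 6376 excerpt quoted above, in Python. It parses a DKIM-Signature tag list, derives the DNS name whose TXT record holds the signer's key, and rechecks the body hash; the header value, selector `mail2015`, domain `example.org` and body are constructed samples, and the RSA check of `b=` is left out.

```python
import base64
import hashlib
import re

# Constructed sample: header value, selector, domain and body are made up.
# b= is a placeholder; verifying the RSA signature itself is out of scope.
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=mail2015;\r\n"
              "\th=from:to:subject; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NM\r\n"
              "\t pJWZG3hSuFU=; b=AAAA")
SAMPLE_BODY = b" \r\n\r\n"  # whitespace only: empty after relaxed canonicalization

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, _, val = item.partition("=")  # base64 padding '=' stays in val
            tags[name.strip()] = val.strip()
    return tags

def key_query_name(sig):
    """DNS name whose TXT record publishes the signer's public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def canon_body(body, mode):
    """Body canonicalization: RFC 6376 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab, then drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_ok(sig, body):
    """Recompute bh= over the received body and compare with the claim."""
    algo = sig["a"].split("-")[1]  # rsa-sha256 -> sha256
    # c= is header/body; a missing body part means "simple".
    _, _, body_mode = sig.get("c", "simple/simple").partition("/")
    data = canon_body(body, body_mode or "simple")
    if "l" in sig:
        data = data[:int(sig["l"])]  # l= signs only a prefix of the body
    claimed = re.sub(r"\s+", "", sig["bh"])  # folding whitespace is not data
    return base64.b64encode(hashlib.new(algo, data).digest()).decode() == claimed
```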

------
falcolas
I have to admit, I had to look up JMAP. Seems like it's a bit of a one-off
solution, though there are promising benefits that I can immediately see over
IMAP.

I think it should be a data driven call - how much call is there for JMAP
support, and how much call is there for Encryption? Multiply each by some
factor, say, the inverse of an estimated cost to implement, and you should
have a rather reliable answer of which is a higher priority.

Perhaps more importantly, don't trust "The overwhelming consensus" when it
comes to security - we laymen either don't understand the implications to our
society, or feel it's a reasonable tradeoff since they have "nothing to hide".
Trust people who specialize in security. Send an email to Schneier, tptacek,
and others and see how important they believe it is for the world to have
easily accessible end to end encryption for communications.

------
smtpuser
Can someone provide a compelling reason why the SMTP protocol does not have a
command to retrieve public key certificate for a given recipient email
address? Or a weaker alternative that provides the same cert for all addresses
in the domain?

~~~
jcranmer
The SMTP server that the submitting client talks to is almost always not the
SMTP server for the recipient's domain.

There are some drafts that do this using DANE
([https://tools.ietf.org/html/draft-ietf-dane-smime-08](https://tools.ietf.org/html/draft-ietf-dane-smime-08),
[https://tools.ietf.org/html/draft-ietf-dane-openpgpkey](https://tools.ietf.org/html/draft-ietf-dane-openpgpkey)).

------
imglorp
Yes.

~~~
rprospero
Betteridge's law would disagree

