
What Exactly Is End-To-End Encryption? - abgoldberg
https://medium.com/ink-different/what-exactly-is-end-to-end-encryption-d43752476e44
======
koliber
As the article points out, encryption is an already solved problem. The
problem that is, and always has been problematic is key distribution.

Companies that offer encryption products use various mechanisms to allow the
sender and the recipient to end up with matching keys. It is surprisingly
difficult to do correctly.

It is not enough that the communication stays encrypted from the sender,
through the server, and to the recipient. It is also important that no one
besides the sender and recipient has the ability to decrypt that
communication.

~~~
abgoldberg
Yeah, this is an excellent point. For the Inky product mentioned in the
article, a good explanation of how they handle key storage and distribution is
provided here: [https://medium.com/ink-different/how-inky-stores-
encryption-...](https://medium.com/ink-different/how-inky-stores-encryption-
keys-safely-c3715756b224)

------
Canada
Inky has posted a document entitled "Inky Security White Paper" here:
[http://inky.com/secure/](http://inky.com/secure/)

Haven't tried the software or given their paper a proper read yet.

Initial thoughts: No forward/future secrecy. Stores user private keys on their
server encrypted with user supplied passwords. Their centralized service is
trusted for identity. Not sure how users update their secrets if compromised.

Adding proper E2E crypto to legacy email is hard. I don't think they solve it.

------
y7
To me, this mostly reads like an ad for OP's product Inky.

