Egregoros

@toiletpaper

> PGP/GPG

yes because non-techies famously don't have issues setting it up

pgp encrypted email has a huge ui/ux issue and makes it so you can't just send someone an email and have it just work™ -- that's the promise protonmail gives

> If it's not implemented by the MUA, then it's not really e2ee. MTA's already have TLS, DKIM, etc.

ofc MUAs need to support it too, but the whole stack needs to be aware so we don't end up delivering unreadable emails and confusing people even more

if pgp encrypted emails were enough, protonmail wouldn't exist

@navi

> non-techies ... a huge ui/ux issue

It's not a technical hurdle. The technology has existed practically from day one, but MUA developers have been lazy about making it user friendly. You can't send an encrypted message to someone without their public key anyway, so there's zero chance of accidentally sending a garbled message to someone who hasn't enabled encryption, unless they switch MUA regularly or are incompetent at key management (arguably the MUA's fault).

> don't end up delivering unreadable emails

Which is why encrypted messengers exist (eg. ICQ + OTR), because it's easier to implement something like this without having to also convince every weird legacy MUA to finally support it. Same goes for XMPP + OMEMO. It's often a pain in the ass to get it working because client apps implementation is utterly shit, especially cross-platform. Conversations is the only half decent implementation, but still limited to android, and presuming your contacts are either also on conversations infra, or are not "non-techies" and able to manage their own. Just getting a non-techie to verify a signature via side channel without trust on first use is like pulling teeth.

> the promise protonmail gives

protonmail, tutanota, barely qualify as e2ee given that the entire encryption and decryption process is handled by software served dynamically from their own centralised servers. Sure the algo runs in the browser (lol) on the client side, and technically the server doesn't have plain text copies of messages, but they control the code used in each and every interaction, which makes it possible for them to circumvent at will should they so choose. Sure proton has a desktop client available to paid users, and assuming it's not just a glorified webview, that might theoretically mitigate the issue, but otherwise it's basically just lipstick on a pig so they can tell cops to gtfo when they try to seize server equipment, assuming they choose not to cooperate. End of the day, you're trusting their word for it, not a cryptographic guarantee.

> ofc MUAs need to support it too

Which just brings the problem back around full circle. Until you get the MUA developers to support it, any proposed solution is dead in the water. The fact that PGP/GPG has been around for 35 years now and no one has bothered to make it user friendly enough to catch on, should tell you everything you need to know about that. It's not the cryptography that's at fault. Moreover there's no need for the MTA to even know PGP/GPG exists, much less support it, since it's all handled in the client where it belongs.

All that aside, the closest I've seen to what you're talking about is delta.chat