p2detar | 2 months ago

> Your mail either needs to be encrypted reliably against real adversaries or it doesn't.

It is, GPG takes care of that.

> If the idea here is, a private group of friends can just agree never to put anything in their subjects, or to accidentally send unencrypted replies

That’s not what I’m talking about. It’s an enterprise - you cannot send non-encrypted emails from your work mail account, the gateway takes care of it. It has many rules, including such based on the sender and recipient.

Surely, someone can print the mail and carry it out of the company’s premises, but at this point it’s intentional and the cat’s already out of the bag.

tptacek|2 months ago

If you're relying on a trusted gateway, you don't need any of this; just do TLS to the gateway to exchange messages. This is how 95% of corporate "secure email" systems work.

p2detar|2 months ago

But you don't know how many SMTP relays the recipient has and if they are all secured. E2E encryption, be it via GPG or x.509/SMIME, is still good in that case.

edit: smime