[tptacek]

If it's an extraordinary claim, it's backed by extraordinary evidence. Modern secure messengers make it difficult (or even impossible) to accidentally send a plaintext message. Meanwhile, plaintext replies to encrypted emails are such a widespread phenomenon that practically everyone who has used them at any kind of scale has witnessed them. The reason those opsec lapses aren't newsworthy is because the underlying messages are unimportant, so nobody cares. Which is why it's important that people understand that almost all encrypted mails are LARPsec.

[belorn]

Failure in opsec does not prove that telling people to encrypt create worse security than explicitly telling people to not encrypt.

I do not see any extraordinary evidence that support your claim. It still sounds more like you are advocating for plain text, and since the encryption wars has been on going for the last 40 years it is worrying to see a new front being formed.

There are two requirements: Plain text should be banned from the network and sensitive data at rest in the hands of third parties should always be encrypted. Advancement in email security has gone forward enough that if both sides of a communication are running their own email server than the need for PGP has been made redundant. If however an untrusted third party is used by either side then the second requirement is not unfulfilled and sensitive data is leaked.

People can pretend that they don't have sensitive data and a single look at the company CRM, HR, customer registers and so on will show that it is really hard to operate a company without handling sensitive data which under GDPR has some real legal ramifications. A single email attachment and now a third party has a copy of that, and a data breach later at the service provider and a law suit happens. With that threat model and enough cases ending up in the news the cost of running unencrypted email goes up.

[tptacek]

I'm not telling people not to encrypt. People should encrypt. I'm telling them not to encrypt email, because email is unsafe. You're going to have to engage with my actual argument rather than fleeing to abstractions.

[Reelin]

I'm not the person you replied to, but there's no fleeing to abstractions here.

The point being made is that you continually fail to account for data at rest (among other things) in your arguments against encrypted email. Something doesn't have to be perfect to be useful. Most people don't need to fear for their lives if a single message leaks, but that doesn't mean they want plaintext copies of everything cached all over the place for who knows how long either.

[defen]

> The point being made is that you continually fail to account for data at rest (among other things) in your arguments against encrypted email.

Encrypted email with PGP doesn't give you data-at-rest encryption, though. See https://efail.de ... or the fact that forward secrecy was not a design consideration when it was designed in 1990.

> Most people don't need to fear for their lives if a single message leaks, but that doesn't mean they want plaintext copies of everything cached all over the place for who knows how long either.

This is the heart of the argument. You need to treat email (encrypted, or not) as if there are copies cached all over the place forever. You should assume that about any email you send (again, encrypted or not). This is why it's called security LARPing ... if your argument is simply "I don't want people reading my stuff, it's private"... well, no one cares about your emails. But the moment they do start caring, they can go back and read all of your emails, encrypted or not.

[Reelin]

PGP most certainly _does_ provide data at rest encryption. Efail isn't relevant here - it's a live exploit against an active target, not something that can be used against data at rest for which you lack the keys. And forward secrecy is hardly relevant to the point I made either (other than being a generally desirable feature).

> You need to treat email (encrypted, or not) as if there are copies cached all over the place forever.

That's my _entire point_. Assuming there are copies cached all over the place forever, I would strongly prefer that they were encrypted. How is this not an obviously desirable thing?!

> the moment they do start caring, they can go back and read all of your emails, encrypted or not

I do not believe that this claim is correct. Given a block of PGP encrypted text for which one lacks the private key, I am not aware of the existence of any practical attacks against the algorithm. If such an attack does exist, please point me to it - I would very much like to know about it.