[tzs]

> What's the point of anything stronger than TLS in transit if GMail can just read the full unencrypted message?

I thought the point was to make it so that if GMail reads the message body they see something like this:

  -----BEGIN PGP MESSAGE-----

  hF4DiRYQNnty8w4SAQdAdiM2arHOheTBYTJriZZQOarZJy39Hs2Hl2tbAM/n5yMw
  3DrQEjbJtP2LAm1oxaKPI3cyL05OFMU4p5ZMzbNIChEgNG7dxrUZJ9/0aS1P/8hl
  0lkBHVB0DPdgxtLk7tl23iozcnoP4Heua1Lvqf891Cy51409FHk4UX/hUPwg2E/O
  mRczP2UVrbBB90CA0L0wRFfXZpPTtq0UusAtPZ4evtzEgcH4pDK5LV7hog==
  =vlQ3
  -----END PGP MESSAGE-----

which is probably not going to tell them anything useful.

That seems pretty useful to me. Sure, they still get to see the subject, the sender, and the recipient list so they get important metadata about my communications. But most of the time my communications are with people that I'm already known to communicate with, and the subject just reveals that the message is about some topic that I'm already known to communicate with them about. All the stuff that would actually be new and interesting to a third party is in the body.

On the other hand I seem to recall tptacek saying that just encrypting the message body is worthless, and when it comes to cryptography that guy's smart. I mean like fuck-a-guy smart. Know what I'm saying? So it is possible I'm overlooking something.

[Avamander]

Not entirely worthless, but there are a bunch of things that are left unprotected and may thus pose an issue. Certainly not up to the same standards of your average EE2E IM platform, but it kinda doesn't have to be to be useful.

[kebman]

I totally agree. Se my "philosophical" reply further up if you want to delve more into the logical yet non-technical aspects of your argument.