[jcranmer]

This is like asking how to drive across the ocean and getting mad when someone tells you that you need to take a boat.

Email just fundamentally isn't encryptable; the protocol and the way it actually works in practice (hi, antispam!) requires that important parts of the email not be encrypted, and things like asynchronous communication make it difficult to do encryption to the gold standard of quality. Also, turning on encrypted email also disables several email features from the perspective of the user (hope you didn't want to search your emails!). The end result is that email encryption is, as someone else put it, LARPing rather than security.

There are a few very narrow use cases for which encrypted email may make sense (largely in cases where you're not concerned about hiding the existence of communication channels, just message contents, and you can do out-of-band public key communication). But notice that those use cases don't include "I want to message someone else securely," and it's definitely not someone that would work if you tried to let regular users do it.

[denton-scratch]

> things like asynchronous communication make it difficult to do encryption to the gold standard of quality.

I agree. Thing is, asynchronous communication is a killer feature. My primary communications channel is email, but I don't use encrypted email.

I do use GPG, but not for email.

[38529977thrw]

None of this explains why I need to give you my telephone number to get on your boat.

Identity is the core of the matter and that is invariant of the modes of transport. On top of that comes key management. On top of that you can build your secure application on whatever platform.

Total end to end encryption can only be built on top of identity and never (ever) on a specific channel. And TE2E should be the social goal.

[xoa]

Even to the extent that's true (and a lot of it is not), none of that explains why there are absolute zero email replacements, and indeed "security" people seem to promptly display brain damage whenever the idea is brought up. "Email-like" doesn't mean it has to be actual current standard email, there could be an "xmail" that has a UX near exactly like email but is more modern. But instant messengers (let alone centralized ones) are not a replacement for email and never will be, and the stubborn idiotic insistence they are is as surprising as it is infuriating. If you insist it's security or email, the answer is email, and that's how very important information will continue to be sent.

Although that said, and while not disagreeing about its flaws, I still can't let entirely go by:

>the protocol and the way it actually works in practice (hi, antispam!)

But anti-spam works fine with encrypted email (putting aside practicalities of no forging making spam harder anyway).

>asynchronous communication make it difficult to do encryption to the gold standard of quality

Nobody gives a shit. Asynchronous communication is well worth it.

>hope you didn't want to search your emails!

lol wut? If I go into Mail and searching something it can include encrypted emails the same as whatever else, why wouldn't it?

[tptacek]

There are, obviously, replacements for email. Most of us get a tiny fraction of the email we did just 10 years ago because so much has moved out of email and into other messaging systems. The faulty logic being used here is that there is nothing shaped precisely like email to replace email, and, of course, there never will be.