by GrantMoyer
484 days ago
Last time I checked, while tutanota's emails are ostensibly E2E encrypted, all public keys are provided by their server and there's no way to pin keys or verify them over a side channel, so a compromised server could trivially send its own public keys and MITM attack all encrypted emails. This completely defeats the purpose and guarantees of E2E encryption, but for some reason, it hasn't seemed to be a priority for them. The article passingly mentions key verification, so hopefully that's changed. https://github.com/tutao/tutanota/issues/768
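
The client-side check the comment above says was missing, sketched as an added example (not part of the comment and not Tutanota's code): pin the first key the server serves for an address, refuse a later key that differs, and treat the pin as verified only after the contact's fingerprint has been compared over a side channel. `PinStore`, its method names, the address and the key bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 of the key bytes; this is what gets pinned and compared."""
    return hashlib.sha256(public_key).hexdigest()


def readable(fp: str) -> str:
    """Group the fingerprint in blocks of four for reading over a side channel."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


class PinStore:
    """Client-side record of the first key seen for each address (hypothetical)."""

    def __init__(self):
        self._pins = {}  # address -> {"fp": str, "verified": bool}

    def check(self, address: str, served_key: bytes) -> str:
        """Classify a key the server just handed out for `address`."""
        fp = fingerprint(served_key)
        pin = self._pins.get(address)
        if pin is None:
            # Trust on first use: remember it, but do not call it verified.
            self._pins[address] = {"fp": fp, "verified": False}
            return "pinned-unverified"
        if not hmac.compare_digest(pin["fp"], fp):
            # The server now serves a different key: do not encrypt to it.
            return "mismatch"
        return "verified" if pin["verified"] else "pinned-unverified"

    def confirm(self, address: str, spoken_fp: str) -> bool:
        """Mark the pin verified if the side-channel fingerprint matches it."""
        pin = self._pins[address]
        given = "".join(spoken_fp.split()).lower()
        pin["verified"] = hmac.compare_digest(pin["fp"], given)
        return pin["verified"]


def demo() -> list:
    # Constructed placeholder bytes standing in for real public keys.
    real_key = b"constructed-public-key-for-alice"
    swapped_key = b"constructed-key-substituted-by-server"
    store = PinStore()
    spoken = readable(fingerprint(real_key)).upper()
    return [store.check("alice@example.com", real_key),
            store.confirm("alice@example.com", spoken),
            store.check("alice@example.com", real_key),
            store.check("alice@example.com", swapped_key)]
```

Pinning alone only detects a key that changes after first contact; the `confirm` step is what covers a key that was substituted from the start.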