by mojomark
440 days ago
I don't get it. Isn't the goal to prevent someone from hacking into your email account and reading your email? If someone already hacked into Alice's email account, and pretends to be her to access the decryption key (which they can do because they can prove they have control of the account - which is all key access requires), then they can decrypt the message. Seems pretty pointless, unless I'm missing a key point (perfectly possible).

No, you got it. Any case where the keys used for E2EE are not created and managed out of band by the client is not really E2EE. If a server can update the code used to manage the keys, i.e. JavaScript, it can also swap out keys, obtain keys, etc. Everything a lawful order to intercept would require.