[yardstick]

I’ve got hundreds of emails from the early 2010s between a couple of coworkers and myself that I can no longer read because they were S/MIME encrypted and I’ve got no idea what happened to my keys or even if my current client supports it anymore.

I wish the client stored it decrypted once received.

[mhitza]

> I wish the client stored it decrypted once received.

Me too. I already have my systems with fulldisk encryption, I need the communication to be end encrypted.

Email clients (like Thunderbird) keeping emails stored encrypted, just makes it harder for these tools to search, label and automate stuff around content.

[m3047]

I'm sorry for your loss, but this sounds like an antipattern. Hundreds of emails between co-workers and it was all contemporaneously related to work in progress or cat pictures of your own cats, didn't contain PII or proprietary information of your employer or unaware third parties? And you want it back? From far enough away (that I might as well be in orbit) this seems preferable to an unencrypted drive ending up in somebody's hands for "refurbishment" (cough printers with hard drives).

No one is innocent. I refuse to use LE and operate my own CA instead, and as a consequence of scareware browser warnings I publish http: links instead of https: (if anyone cares, you know to add the "s" don't you?). I run my own mailserver which opportunistically encrypts, and at least when it gets to me it's on hardware which I own and somebody needs a search warrant to access.. as opposed to y'all and your gmail accounts. I do have a PGP key, but I don't include it on the first email with every new correspondent because too many times it's been flagged as a "virus" or "malicious".

Clearly we live in a world only barely removed from crystals and ouija boards.

[mmooss]

> Hundreds of emails between co-workers and it was all contemporaneously related to work in progress or cat pictures of your own cats, didn't contain PII or proprietary information of your employer or unaware third parties?

You're merely defining away the problem. You have no idea what was in those emails.

[m3047]

Whatever was in those emails wasn't important enough for them to unencrypt them in a durable fashion, or put the keys in a safe with the gold bars.

We call this the "scream test" in BOFH land.

[yardstick]

Who knew I’d need to do this? I’d never needed to do this either my emails in the decades prior.

You’ve also got no idea what was in those emails. Could be some valuable knowledge or logs about some crazy rare bug or scenario, and would be useful to review today.

We just turned on S/MIME by default, to “be secure”, whatever that means. There was no warning in the email client about losing access to the email if you lost your keys.

Citing BOFH is all well and good inside certain circles. In the real world, people don’t like spending time or effort on poorly thought out and implemented solutions.

[m3047]

The keys aren't in the backups you still have?

IOW: who owns the backups owns the data... until proven otherwise. My default presumption from space is that 1) there are document management policies and 2) document management policies apply.

[mmooss]

It wasn't important enough at the time to the BOFH.