Mostafa Shahverdy bio photo

Mostafa Shahverdy

M.Sc Computer eng, Software Architect and Developer, Browsers Developer, Multimedia Coder, Otaku!

Email Twitter Facebook Google+ LinkedIn Github Stackoverflow Youtube

Its not like that you have something to hide if you use email encryption. Its a way to protect your right and privacy. Not all email clients support email encryption, in fact all major web based email clients (Gmail, Yahoo mail, Hotmail, etc.) don’t support it, and its because their way of making money is based on knowing the content of your emails (what a foolish reason!)

Although most people you communicate with don’t use any sort of email encryption, but you can always sign your messages, and let them decide what to do with your signature. Did I say always? Mailing list programs usually append extra texts to your emails, and this makes your signature to be invalid, which means that reader sees an alarm that the message is not sent by the person he claims to be, which can terrify them.

In fact the biggest problem about end to end encryption is public key distribution. The usual way of obtaining public keys is still an issue. Both S/Mime and PGP are weak for this. S/Mime is based on trusting an issuer, but do you completly trust the issuer? We know that it has happened a few times that issuers like Verisign and Comodo signed wrong certificates that were hijacked. PGP relies on a decentralized way of distributing public keys, whic is Web Of Trust – You trust your close friends, and their friends (and their friends, and so on…)

Well, when you loose your trust on your own private key, you revoke it. But do people download that revoke key on time?

With all these in mind, still encryption is what many people can’t live with.