We’ve been using S/MIME-based end-to-end email encryption at work for a long time now. It’s a bit of a hassle whenever new employees start, and every two years after that, but it’s manageable. Apart from that, it just works. Why is it never even considered by so many people?
More importantly, why is no-one working on making it less of a hassle? I know it doesn’t encrypt metadata, but it’s still so much better than most messaging services, let alone unencrypted, web-based email from a security perspective.

Jan 22, 2021 · 8:14 PM UTC

Replying to @stilkov
What problem does it solve for you?
Ensuring only the intended recipients can read mails I send? Not sure I understand the question
Replying to @stilkov
I know a lot of people (even younger IT people) whose only interaction with e-mail is via webmail (and maybe mobile app as secondary means). Many have not been exposed to desktop clients (or don't see the diff.). S/MIME webmail could work, but it has a different security model.
Replying to @stilkov
IMHO most bigger companies are going with a centralized Exchange setup and managed Windows installations. Also GPG is sometimes a better and more accessible alternative.
Replying to @stilkov
There is in fact a method to also encrypt metadata, called protected headers. Unfortunately not supported by many mail clients, but it supports a compatibility mode that displays the header in the text body on such clients.
Replying to @stilkov
There’s also a method called Autocrypt to enable the automatic setup of encryption. Interesting approach though it doesn’t solve all problems. The core problem always turns out to be the key infrastructure in one way or the other.
Replying to @stilkov
Have you tried @CipherMail? IMHO a very unobtrusive way of implementing a best effort approach