It’s absurd that, in 2012, sensitive information is still regularly shuttled around via the unencrypted, MITM-vulnerable, often-intercepted protocol we all know as “email.”
Connections to websites are commonly secured via HTTPS, which Just Works™ for end users. Unlike HTTPS, email encryption:
- Comes in two incompatible flavors, OpenPGP (PGP/GPG) and S/MIME, with different key formats and trust models.
- Has no universal, automatic mechanism for discovering a recipient's key.
- Is effectively *never* used for communication from even high-risk institutions like banks.
- Is difficult for end users to “opt into.”
- Has far from universal client support.
What can be done to change this shameful status quo?