> Even if your provider stores and transmits only encrypted email data, once sent it does not maintain that guarantee while being passed by another entity's MTA.
What? If Alice encrypts an email to Bob, using Bob's PGP key on her laptop, then it doesn't matter how many MTAs that email passes through, the email stays encrypted at every hop.
> it could wind up being archived to tape
I guess you're saying that an encrypted email could travel through a provider that keeps a copy of it in the hopes that quantum computers will one day be cheaply available enough that they can crack the private key and read the email.
That seems expensive (and illegal) for a company to do just on a whim (assuming the sender and recipient are periodically deleting old emails), and I'd like to think that a judge would turn down a request for a warrant that covers data that won't be readable for a decade or more.
Yes, you have to bring your block cipher unless you are 100% sure all the MTAs are using your e2ee scheme.
>I guess you're saying that an encrypted email could travel through a provider that keeps a copy of it in the hopes that quantum computers will one day be cheaply available enough that they can crack
No, I'm saying when you send the email, the next MTA might not use encrypted transport and any mailbox/mail spool/cache might not store the data encrypted in any way.
You can of course get E2EE if you use GPG (you always could), but if somebody doesn't know how to use GPG or uses it wrong, that is problematic.
You can also just broadcast your gpg block message via public/ham radio or even hire a skywriter to spend his day tracing out your GPG cyphertext as a huge QR code in the sky :-)
What? If Alice encrypts an email to Bob, using Bob's PGP key on her laptop, then it doesn't matter how many MTAs that email passes through, the email stays encrypted at every hop.
> it could wind up being archived to tape
I guess you're saying that an encrypted email could travel through a provider that keeps a copy of it in the hopes that quantum computers will one day be cheaply available enough that they can crack the private key and read the email.
That seems expensive (and illegal) for a company to do just on a whim (assuming the sender and recipient are periodically deleting old emails), and I'd like to think that a judge would turn down a request for a warrant that covers data that won't be readable for a decade or more.