HACKER Q&A
📣 als0

How to accelerate the adoption of secure email?


Google Chrome accelerated the adoption of TLS for websites by making it difficult to access websites over insecure channels. This is likely because of their dominant market position. Let's Encrypt also commoditised the certificate business to the point of free.

What would it take for a similar thing to happen for unsigned and unencrypted e-mail? Which companies or organisations could contribute to a fast change?


  👤 sybercecurity Accepted Answer ✓
End-to-end or hop-by-hop? I'd argue that hop-by-hop encryption (i.e. SMTP over TLS) is becoming more common. Protocols like SMTP-STS and DANE help.

E2E is another story. There's never been a good, user-friendly tool that non-experts can easily use at scale (i.e. outside of a controlled enterprise). Then there is the problem of cert distribution/discovery: how to find the recipient's keys in order to send encrypted email. There is a DANE solution to this but it never caught on.

Lastly, there is the multiple device problem. People send and receive email on multiple devices (usually laptop, mobile phone and occasionally tablet). Any solution needs to account for syncing keys between devices.

The above assumes open-standards-based email (S/MIME and OpenPGP). Some platforms have a closed solution that works on their platform but not with users on other platforms. Similar to how every medical provider in the US has a messaging portal for patients rather than rely on (insecure) email.

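The two mechanisms the accepted answer names, hop-by-hop policy via MTA-STS and DANE-based key discovery (OPENPGPKEY/SMIMEA), as an added Python example that is not part of the thread. It parses a constructed MTA-STS policy file and applies its MX matching rule, and derives the DNS owner names a client would query for a recipient's OpenPGP key or S/MIME certificate. The policy text, the address alice@example.com and all function names are my own; nothing is fetched over the network and no DNS query is made.

```python
"""Added example (not from the thread): offline helpers for the two mechanisms
named in the accepted answer. MTA-STS (RFC 8461): a sending MTA fetches
https://mta-sts.<domain>/.well-known/mta-sts.txt and delivers only to the MX
hosts it lists, over TLS. DANE key discovery (RFC 7929 OPENPGPKEY, RFC 8162
SMIMEA): a client derives a DNS owner name from the recipient's address and
fetches the key there. EXAMPLE_POLICY is constructed; example.com is a
placeholder. No network or DNS access is used."""
import hashlib

EXAMPLE_POLICY = (
    "version: STSv1\r\n"
    "mode: enforce\r\n"
    "mx: mail1.example.com\r\n"
    "mx: *.backup.example.com\r\n"
    "max_age: 604800\r\n"
)


def parse_mta_sts_policy(text: str) -> dict:
    """Parse an MTA-STS policy body; raise ValueError on a malformed policy."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        elif key in ("version", "mode", "max_age"):
            if key in policy:
                raise ValueError(f"duplicate field: {key}")
            policy[key] = value
        # other keys are ignored for forward compatibility (RFC 8461 3.2)
    if policy.get("version") != "STSv1":
        raise ValueError("policy must declare 'version: STSv1'")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("mode must be enforce, testing or none")
    if not policy.get("max_age", "").isdigit():
        raise ValueError("max_age must be a non-negative integer")
    policy["max_age"] = int(policy["max_age"])
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("enforce/testing policies need at least one mx line")
    return policy


def policy_error(text: str):
    """The validation error for a policy body, or None when it is valid."""
    try:
        parse_mta_sts_policy(text)
    except ValueError as exc:
        return str(exc)
    return None


def mx_allowed(policy: dict, mx_host: str) -> bool:
    """Match an MX hostname against the policy's mx patterns (RFC 8461 4.1).
    A leading "*." matches exactly one leftmost label, so *.example.com
    permits mail.example.com but not a.mail.example.com."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".example.com"
            head = host[: -len(suffix)] if host.endswith(suffix) else ""
            if head and "." not in head:
                return True
        elif host == pattern:
            return True
    return False


def _owner_name(address: str, label: str) -> str:
    """Owner name shared by RFC 7929 and RFC 8162: SHA2-256 of the UTF-8
    local-part truncated to 28 octets (56 hex chars), then the service label,
    then the domain. The local-part is hashed as given; both RFCs leave any
    case folding or other normalisation to the mail client."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{digest}.{label}.{domain.lower().rstrip('.')}"


def openpgpkey_qname(address: str) -> str:
    """DNS name to query for the recipient's OPENPGPKEY record (RFC 7929)."""
    return _owner_name(address, "_openpgpkey")


def smimea_qname(address: str) -> str:
    """DNS name to query for the recipient's SMIMEA record (RFC 8162)."""
    return _owner_name(address, "_smimecert")


if __name__ == "__main__":
    policy = parse_mta_sts_policy(EXAMPLE_POLICY)
    for host in ("mail1.example.com", "mx2.backup.example.com", "mx.example.net"):
        print(host, "allowed" if mx_allowed(policy, host) else "REJECTED")
    print(openpgpkey_qname("alice@example.com"))
```

What this deliberately leaves out is the part that makes either mechanism secure in practice: a real sender must also check the `_mta-sts.<domain>` TXT record's policy id, fetch the policy over HTTPS with a validated certificate, and refuse delivery to an unlisted MX in enforce mode; a real client must resolve the OPENPGPKEY/SMIMEA name with DNSSEC validation, since without it the key lookup is exactly the kind of unauthenticated channel E2E encryption is meant to avoid.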

👤 auganov
How would you handle spam with predominantly E2EE emails? WhatsApp et al. have complete control over clients giving them a few more cues to go by. I would imagine it would get even harder to send anything from your own server. Though one could argue it's already too hard to bother.

👤 mdw
I hope that Apple takes the lead here, because it would fit well with their other efforts in user privacy and security.