Ride the Lightning

No, E-mail Encryption is Not Dead

May 16, 2018

John and I watched the escalating reports of the death of e-mail encryption over the last several days with a growing sense of unease, as the facts were misstated and the conclusions seemed overblown. After an enormous amount of reading, John felt comfortable yesterday in putting out a blog post on this subject in his Your IT Consultant blog.

The Washington Post carried a balanced story yesterday morning noted that the security community had its own encryption debate after the discovery of the new encryption flaw known as Efail. In the end, I think it is reckless to tell people to stop using encrypted e-mail. The problem isn't with PGP or S/MIME but with the way e-mail clients have implemented it – and this can be fixed.

One of my blog readers was intrigued by the fact that I didn't jump on this news immediately. When stories like this break, and don't pass my personal 'smell' test, my inclination is to let the fire burn down a bit before coming to a rapid (and wrong) conclusion.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson