Comment by tomaszsobota
5 months ago
> end-to-end encrypted emails
> without the hassle of exchanging keys
> access the encrypted message via a guest account
Feels like shifting the goalposts and trying to brand a new working definition of E2EE
Can't you read the FAQ before commenting? The "guest account" is hosted on IdP, not necessarily Google.
https://support.google.com/a/answer/14757842
To me this looks strictly worse than if they just used S/MIME with some magic to integrate in the Gmail client for UX.
As I read it[1] - Gmail users are given a hidden S/MIME key pair, possibly with the secret key stored in a hw token/on device.
I can only assume that when mailing an external user without a guest/Gmail account, Gmail will generate a (temporary?) key pair for the recipient, encrypt the message under the temporary public key of the recipient - then when the recipient creates the guest account - either generate a new key pair and re-encrypt or assign the key pair held for the user? To allow Gmail to decrypt the mail in the browser? As well as implicitly trust the sender key for verification?
I struggle to see how this is e2e in any meaningful sense?
When I log into a public terminal at my library - how will the browser access my keys?
[1] https://support.google.com/mail/answer/13317990?sjid=1138879...