Comment by nottorp

3 days ago

For large organization data the keys would need to be stored within the organization, not with one particular user as in the case of your personal PII needs.

And then you'd still need to worry about digital sovereignty for the keys.

I don't follow. Are you saying that BigCorp would demand key escrow? They already deploy custom email solutions today so I don't see the issue.

  • I am saying you can't keep the keys just on a stick in the employee's pocket since multiple people need to have access to the data.

    And if those keys are stored by a company subject to US jurisdiction, we're back to the same problem.

    • Well yes, if you hand your keys over that is indeed a problem. Of course handing your keys over to the provider rather defeats the purpose of E2EE so hopefully no one is doing that.

      Key escrow is the usual solution to an employer needing access to employee materials.
