J.R.McHale

“The path to a proper encrypted email system isn’t that far off. At minimum, any real solution needs:

‘A proper approach to key management. This could be anything from centralized key management as in Apple’s iMessage — which would still be better than nothing — to a decentralized (but still usable) approach like the one offered by Signal or OTR. Whatever the solution, in order to achieve mass deployment, keys need to be made much more manageable or else submerged from the user altogether.’

‘Forward secrecy baked into the protocol. This should be a pre-condition to any secure messaging system.’

‘Cryptography that post-dates the Fresh Prince. Enough said.’

‘Screw backwards compatibility. Securing both encrypted and unencrypted email is too hard. We need dedicated networks that handle this from the start.'”

— Professor Matthew Green, Johns Hopkins University, writing at his blog: A Few Thoughts on Cryptographic Engineering.