This chapter covers:
- The importance of end-to-end encryption for companies and users.
- The different attempts at solving email encryption.
- How end-to-end encryption is changing the landscape of messaging.
Chapter 9 explained transport security via protocols like TLS and Wireguard. At the same time, I spent quite some time explaining where trust was rooted on the web: hundreds of certificate authorities trusted by your browser and operating system. While not perfect, this system has worked so far for the web, which is a complex network of participants who know nothing of each other.
This problem of finding ways to trust others (and their public keys), and making it scale, is at the center of real-world cryptography. A famous cryptographer was once heard saying "symmetric crypto is solved" to describe a field of research that had overstayed its welcome. And for the most part the statement was true. We seldom have issues encrypting communications, and we have strong confidence in the current encryption algorithms we use. Most engineering challenges when it comes to encryption are not about the algorithms themselves anymore, but about who Alice and Bob are, and how to prove it.
Cryptography does not provide one solution to trust, but many different ones that are more or less practical depending on the context. In this chapter, I will survey some of the different techniques that people and applications have used to create trust between users.