It'll be interesting to see whether companies start to shift to using encrypted email over the next few decades - it's not that hard to set up if you know the counterparty will be using encryption of the same kind, and if it's not a service bought in from an external company you can fairly sure it is secure.

Companies could at least insist that intra-company email is encrypted, which would be a huge amount of their normal communications, and then extend that outside their boundaries with partners who also accept (say) S/MIME.

At present I sign my mails but like you have no clients who use encryption.

Key exchange is still a huge issue. Sure, you can post a public key online, but I have no guarantee it is actually your key. How do I do business with somebody new?

The core problem with widespread crypto use today is not encryption, it's trusted key exchange.

Put the fingerprint in your business cards? In fact, maybe we finally found a reasonable use for QR codes.

Fingerprint in hex at the bottom of the business card is something I've done for the past 15 years -- pretty much the only reason I even bother with business cards these days.

This is a really interesting problem that needs to be solved. We need some sort of P2P secure protocol to exchange keys between people. Bypassing all sorts of stuff and connecting directly and sharing over an encrypted channel. This sounds really tough the way the internet works right now but I think solutions will come up now that there is a real need for them.

Exchange/Outlook already does intra- and extra-company encryption.

This comment implies you actually trust Microsoft's crypto implementation.

Nope, only that companies trust Microsoft's crypto implementation.

But as it happens, yes, I trust our crypto developers. They're much better at it than most of HN.

I don't. I've seen the source (via shared source) and there is a big fucking hole where the CSPs should be.

And the rest of the code is pretty shitty in places.

Thanks, I didn't know that.