Google unveils end-to-end messages for Gmail. Only thing is: It’s not true E2EE.
Summary
Google has unveiled plans to add end-to-end encryption to its Gmail service, but many are querying the level of security it offers.
The company defines end-to-end encryption (E2EE) in this instance as the encryption of emails in the sender’s browser, which stay encrypted until they reach the recipient’s browser.
The industry standard for email encryption has traditionally been S/MIME, but this requires an X.509 certificate to be issued to each sender and receiver by a certificate authority, which can be complex and costly to manage.
Google’s new service doesn’t require this, instead integrating with identity providers (IdPs) to verify sender identity.
However, critics have pointed out that if a malicious actor intercepts an encrypted email, they could also access the verification email from the IdP.