How is email cryptographically inferior? Only thing I can think of is if you want perfect forward secrecy, you can segment and deliver parts of the email with different encryption keys (except you could if you have it and send each blob in a thread).
That just depends what encryption protocol you use.
You could say that the user experience around encryption in email is inferior. Is that what you mean?
I think you could still hack around it, but in a way that would make non-secure emails come across as gibberish to those that weren't using a special email client.
For subject line, locally you could encrypt it via the same key that you encrypt the message body, so that it would look like gibberish until the end client decrypted it.
For send time, nothing you can do there. If you wanted to hide the sender address, you could likewise obfuscate that by proxying based on a secret key, but at that point you need a custom email server.
I guess I'm thinking that it would be useful to have an email client that can:
- do its own custom security thing (probably not even on SMTP protocol) if the receiver is also using secure mail
- send a normal email if the receiver is not using secure mail
At that point, I'd guess you probably wouldn't call it "secure email" though :)