Secure protocols ensure that user agents are secure, as part of the protocol.
A secure protocol would, for example, not mix plaintext and encyrpted text messages, but would ensure that all messages were always encrypted. This way a we'll designed user agent couldn't accidentally mix cypher and plaintext messages.
I'm not arguing that UAs should do user hostile things in the name of security, which is the straw man you're arguing against. Nor did I mention anything webmail specific.
I'm saying that a security protocol shouldn't have, in practice, fail open attributes that user agents have to put warnings up about. A good protocol should allow the UA to entirely hide those dangers.
This is abundantly clear if you try to use any pgp mail client vs any signal protocol client. The protocol makes it easier for UAs to be both more secure and more user friendly.
A secure protocol would, for example, not mix plaintext and encyrpted text messages, but would ensure that all messages were always encrypted. This way a we'll designed user agent couldn't accidentally mix cypher and plaintext messages.
I'm not arguing that UAs should do user hostile things in the name of security, which is the straw man you're arguing against. Nor did I mention anything webmail specific.
I'm saying that a security protocol shouldn't have, in practice, fail open attributes that user agents have to put warnings up about. A good protocol should allow the UA to entirely hide those dangers.
This is abundantly clear if you try to use any pgp mail client vs any signal protocol client. The protocol makes it easier for UAs to be both more secure and more user friendly.