What email encryption is actually in use?

[Lucky Green]

Peter wrote [about the benefits of STARTTLS]:
> As opposed to more conventional encryption, where you're 
> protecting nothing at any point along the chain, because 
> 99.99% of the user base can't/won't use it. In any case most 
> email is point-to-point, which means you are protecting the 
> entire chain (that is, if I send you mail it may go through a 
> few internal machines here or there, but once it hits the WAN 
> it's straight from my gateway to yours).

I must concur with Peter. The overwhelming majority of email recipients
with whom I routinely exchange PGP encrypted email operates their own
MTAs, located within their trust boundaries. Which should come as no
surprise, since those with whom I discuss topics requiring secure
communications tend to be conscious of security and thus like to be able
to control the properties of their MTA and other network services.

I also agree that current MTAs' implementations of STARTTLS are only a
first step. At least in postfix, the only MTA with which I am
sufficiently familiar to form an opinion, it appears impossible to
require that certs presented by trusted parties match a particular hash
while certs presented by untrusted MTAs can present any certificate they
desire to achieve EDH-level security.

I am aware that the certs presented by trusted parties could of course
all be signed by the same CA, but this is an unworkable model in
personal communications. What is required in practice is a list of
trusted MTAs with corresponding hashes implemented at the MTA level.

--Lucky Green