Most “secure email” platforms still rely on provider-managed keys: either the provider generates the user’s key pair, or stores an encrypted copy for sync, or encrypts stored mail with server-side keys. In all cases, the provider retains theoretical decrypting capability.

A strict zero-trust model would require:

- user-generated private keys
- provider never storing or handling private keys
- stored mail encrypted only with the user’s public key
- no server-side key material that could decrypt data
- provider cryptographically incapable of accessing message content
This model is common in password managers and zero-knowledge file storage, but rarely seen in email.
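As an added illustration of the storage model just listed (example code, not from the post or any mail provider): the provider keeps only the user's public key and ciphertext, the client keeps the private key, and the provider-side path discards its ephemeral key as soon as a message is sealed. Names (`Provider`, `Store`, `Open`, `sealer`) are hypothetical, and the SHA-256 key derivation is a simplified stand-in for HKDF so the sketch stays within Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// StoredMessage is everything the provider keeps per mail; none of it is secret.
type StoredMessage struct{ EphPub, Nonce, Ciphertext []byte }
// Provider holds only the user's public key and the encrypted mailbox.
type Provider struct{ UserPub *ecdh.PublicKey; Mailbox []StoredMessage }
// NewUserKey runs on the client; the private key never leaves the device.
func NewUserKey() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

// sealer derives the AES-256-GCM key; SHA-256 over the transcript stands in for HKDF (stdlib only).
func sealer(shared, ephPub, userPub []byte) cipher.AEAD {
	key := sha256.Sum256(bytes.Join([][]byte{shared, ephPub, userPub}, nil))
	block, _ := aes.NewCipher(key[:]) // 32-byte key selects AES-256; cannot fail
	g, _ := cipher.NewGCM(block)
	return g
}

// Store runs on the provider: encrypt to the user's public key (X25519 + AES-GCM) and keep
// only ciphertext. The ephemeral private key dies here, so nothing server-side can decrypt.
func (p *Provider) Store(plaintext []byte) error {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return err }
	shared, err := eph.ECDH(p.UserPub)
	if err != nil { return err }
	ephPub := eph.PublicKey().Bytes()
	g := sealer(shared, ephPub, p.UserPub.Bytes())
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return err }
	ct := g.Seal(nil, nonce, plaintext, ephPub) // ephemeral key bound as AAD
	p.Mailbox = append(p.Mailbox, StoredMessage{ephPub, nonce, ct})
	return nil
}

// Open runs on the client: only the user-held private key recovers the plaintext.
func Open(priv *ecdh.PrivateKey, m StoredMessage) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(m.EphPub)
	if err != nil { return nil, err }
	shared, err := priv.ECDH(ephPub)
	if err != nil { return nil, err }
	g := sealer(shared, m.EphPub, priv.PublicKey().Bytes())
	return g.Open(nil, m.Nonce, m.Ciphertext, m.EphPub)
}
```

The same shape also makes the search/indexing friction concrete: a keyword scan over `Mailbox` on the provider side has only ciphertext to match against.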
So the question is:
What stops email providers from adopting true zero-trust storage?
Is it:

- key-management friction for users?
- multi-device sync challenges?
- server-side search/indexing requirements?
- business reasons?
- or just legacy expectations around email UX?
Curious how others in the dev/crypto community see this.