Charles,
TLS is usually behind the scenes, system-to-system encryption. It's not something a regular user should or even can mess with. Most mail systems already have TLS encryption enabled so that communications between your computer and the mail server or between the server and other mail servers can't be read by anyone in-between. Everything about the message is encrypted, and only the destination server is known.
End-to-end encryption is a generic term for something a user does to things (messages, in this case) that encrypts the message itself such that it can only be decrypted by the recipient. IOW, the mail server itself (or a hacker in that mail system) can't read the contents of the message. While this has been a dream of many for a long time, it is fairly non-trivial for just two people to encrypt/decrypt their messages back and forth. Scaling that up to anyone someone might communicate with (i.e. "the world") is practically impossible, although there are systems (PKI) that make it fairly easy within a single mail system (like within a business). Also, note that only the body of the message is encrypted. The sender, recipient, subject, and other sending/delivery information is not encrypted.
Analogy: You put a message in a small, locked box, take it to the post office and mail it to someone. You have concealed (i.e. encrypted) the message such that the post office can't know the content of the message, and only you and recipient (presumably with a key) will know. The mailperson at the post office and the one delivering the package knows your name (probably), to whom you are sending, how much it weighs, etc. (i.e. the metadata), but nobody else does. They have "encrypted" the route. Maybe the neighbor or the person in line behind you knows that a package was sent or received, but that's it. The postal system that is already in-place takes care of the route encryption for you, but the message encryption is both up to you and much more difficult. You have to securely exchange keys with the other person, and you don’t want to do that through the mail system. (What if someone broke into the post office and found all the letters with keys and copied them?) Imagine needing to exchange keys with everyone you would ever want to mail or receive mail from!
Hope that helps,
Erich
On Thursday, May 18, 2023 at 17:33, Charles Meyer eloquently inscribed:
> My esteend listmates,
>
> A patron asked how one "enables" TLS to encrypt their emails?
>
> I'm not a security expert so I just Googled it and found info (below)
>
> Difference between TLS and E2EE
>
> For example, with end-to-end encryption, a plaintext message that you sent
> gets encrypted at your end and gets decrypted only after reaching the
> recipient's device. However, *in TLS, a plaintext message gets encrypted at
> your end and decrypted at the server*.Jul 14, 2019
>
> https://en.wikipedia.org/wiki/Transport_Layer_Security
>
> Does a user have to enable TLS? If so, how complicated is that?
>
> Is there better encryption than TLS?
>
> If so, would that other encryption software need to be enabled?
>
> Thank you.
>
> Charles.
>
> Charles Meyer
>
> Charlotte County Public Library
|