we couldn't manage to devise a system where every user
has unique credentials to access sensitive systems
without those systems themselves being able to decrypt
the user's data?
In the case of the GMail web interface, which I can tell you it's better than any desktop client I ever used, no, it isn't possible.
It isn't, because then Google cannot render email messages in the browser for you. And if it did decryption with Javascript, it's still their client and their client can still send back information about your emails to them.
Then you've got the problem of losing functionality. I love GMail because it does a good job of searching through my emails, or filtering them. And, ever since I switched to GMail, my spam problems are over.
Of course you could argue that with encrypted emails, spam is eliminated because you can just filter away messages for which you don't have a decryption key.
But this also represents a usability problem - getting the decryption key of every user that sends you email it's a PITA; and it would also prevent unsolicited emails that you do want (like old friends contacting you for the first time, or job offers).
Really, for encrypted email to work, you have to trust the client and it cannot be the default.
I don't think it would eliminate spam - the system would probably use PGP key servers to avoid the hassles of key sharing.
But yes, it's an usability nightmare now that everyone is using webapps. And even with native apps, having to copy the private key from your computer to your smartphone would be over most people's heads.
It isn't, because then Google cannot render email messages in the browser for you. And if it did decryption with Javascript, it's still their client and their client can still send back information about your emails to them.
Then you've got the problem of losing functionality. I love GMail because it does a good job of searching through my emails, or filtering them. And, ever since I switched to GMail, my spam problems are over.
Of course you could argue that with encrypted emails, spam is eliminated because you can just filter away messages for which you don't have a decryption key.
But this also represents a usability problem - getting the decryption key of every user that sends you email it's a PITA; and it would also prevent unsolicited emails that you do want (like old friends contacting you for the first time, or job offers).
Really, for encrypted email to work, you have to trust the client and it cannot be the default.