Hacker News new | past | comments | ask | show | jobs | submit login

I think the biggest distinguishing feature of this is being able to have it encrypt emails with customer provided keys stored on their Key Management Service. This hypothetically should prevent three letter agencies from accessing emails, but I'm not sure that is the top feature on everyone's mind when they are looking to set up email for their company. It definitely piques my interest though.



If your mail is encrypted, how do you search it?

EDIT:

That is, assuming the mail is stored on the server and it's encrypted, how do you search it efficiently?

It does not seem efficient to download every byte of mail, decrypt it, and search it on your local machine (especially a phone). Perhaps you could build an index locally, but could you keep it updated? And even that requires downloading and reading every byte at least once.

This is something I've always wondered about encrypting hosted email.


The actual content is encrypted, but one can still build an index that points to individual email IDs and score the search results properly. Only when returning the top N results that one needs to decrypt those N emails with the right keys. The index would be kept in the server. Of course, the devil is in the details and things like email threading, order by by date or group by senders will make or break the user experience.


A full text index that's actually useful will allow you to largely piece back together the original content, modulo stemming and stopwords.

I guess it would be something like encrypting the index, then decrypt it on demand, just like you would decrypt individual messages on demand.


Not if the index values are encrypted (public-key) too.

hashed-word => encrypted-list-of-msg-indices

something like that.


As other commenters elsewhere in the thread have pointed out, we don't know much about the implementation at this point. How it is implemented I think will make or break this product.


Amazon's size basically guarantees that if they offer such a service, there will ALSO be a backup copy encrypted with Three-Letter-Agency key.

You can go under the radar when you are LavaBit small (and then, only until you have a single high-profile user). But not when you are Amazon.


In the beginning I don't think so. We've seen recently with Apple and Google, that there is such thing as a non-backdoored encryption product that agencies (both US and abroad) get upset about. That doesn't preclude there from being a backdoor requirement in the future, similar to a wiretap law.


> We've seen recently with Apple and Google, that there is such thing as a non-backdoored encryption product that agencies (both US and abroad) get upset about.

Who says they're not pretending to get upset about them?


Amazon is the company that cut off WikiLeaks when a senator made a hostile speech. Google and Microsoft have both gone to court to resist government actions.


We're talking about a company that has CIA as its customer and censored Wikileaks with a single phone call from a senator.


I think since the Sony leak, probably a lot of people have thought about the security of their corporate mail - I have


That's a good thought.

The more I have sat and thought about it, the more use cases I can come up with where there is a business case for it. One big one that comes to mind is foreign companies that don't trust the US.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: