Thanks for the discussion. Now my thoughts about e-mail encryption
problems. Hopefully I'm not repeating too much those usual and often
repeated issues...
A good book on the subject is Peter Gutmann's Engineering Security, <
https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>. He explains how to build secure systems. He discusses email security, along with encryption and other privacy issues. From the section titled Encrypted Email on page 774:
An example of a conflict between user expectations and security design
that would have been revealed by proactive testing was turned up when
security usability studies showed that email users typically weren’t
aware that (a) messages can be modified as they move across the
Internet, (b) encrypting a message doesn’t provide any protection
against such modification, and (c) signing a message does protect it.
The users had assumed that encrypting a message provided integrity
protection but that signing it simply appended the equivalent of a
pen-and-paper signature to the end of it.
Jeff