
Does the DoD allow the USPS to deliver packages directly to their staff? I’m pretty sure if you got letters from China they’d want to inspect them.

I totally get E2EE personally and have been using it since the 90s but from an organizational standpoint I’m not sure how to reconcile this with other needs. It seems like you’d want the ability to decrypt at the edge to make sure that outsiders aren’t sending malware to your people and that nobody is violating your rules. You can try to make that more resistant to abuse by e.g. escrowing keys so there’s never plaintext sitting around and each decrypt operation is logged, but I think relying on the client to log is just a riskier way to achieve the same result - if the user can disable the client logger or it’s not perfectly reliable, now you have a lawsuit (harassment, contract issues, etc.) or are testifying before Congress about how you missed a security threat.



