Agreed, I've been trying to consider an end to end solution. A single site by a single company is a bad idea... easy to shut down... PGP encryption at the client requires delivery of public keys from the desired recipient, but potential man-in-the-middle attacks mean you can't even trust that the public key you're receiving is from the recipient you think it does, your mail server could act as a go-between on behalf of your client software to go get the public key for the recipient, but that's not safe either. In the end, when nothing electronic can be trusted as sacred, how do you encrypt in such a manner as your recipient can decrypt it reliably without it being insecure... plus, if you encrypt messages end to end, how do you handle the issue of SPAM?
There are many challenges to overcome and basically as you stated, the whole concept of email needs a complete overhaul. It needs to be secure, distributed and open source.
Unfortunately, much as I'd like to claim the expertise to be able to put all this together, I would need a team of experts to help me solve the problems any solution is going to face and get it to market. This is by no means a one person job, the challenges are hard-to-solve problems and the solution needs to be usable. The reason that nobody encrypts their email now is because the payoff isn't worth the headache of trying to understand what needs to be done. I'm struggling to understand what I need to do to get GPG installed on my computer for crying out loud.
There are many challenges to overcome and basically as you stated, the whole concept of email needs a complete overhaul. It needs to be secure, distributed and open source.
Unfortunately, much as I'd like to claim the expertise to be able to put all this together, I would need a team of experts to help me solve the problems any solution is going to face and get it to market. This is by no means a one person job, the challenges are hard-to-solve problems and the solution needs to be usable. The reason that nobody encrypts their email now is because the payoff isn't worth the headache of trying to understand what needs to be done. I'm struggling to understand what I need to do to get GPG installed on my computer for crying out loud.