Quite!
"Interestingly (this is GMAIL) the message is not encrypted when sent to me from the GMAIL server via an unroutable private address 10.x.x.x, therefore not encrypted within Google's walls. "
Again - HTTPS is being (in some quarters) taken as a panacea. It's not. It covers your data in transit, and depending on it's implementation may be doing a reasonable job.
Once it hits your email provider (or the recipients) it may well be stored unencrypted, or fired around their networks unencrypted. As has been shown on various slides, if the NSA (or other groups) are sniffing inside the firewall/entry point, HTTPS is irrelevant. If they can access the data (via warrant or nefariously) due to it being plain text "at rest", it's irrelevant.
Outlook/Outlook Express used to allow for x509 certs, which whilst a pain to get hold of and install, where near transparent when used. As long as your cert/password were secured, your mail was neatly encrypted in transit and at rest.
I'd love to see the following adopted :
a) Sign into email client (local or web)
b) Be forced to generate x509 keys - storing private key locally (or, worst case, the passphrase - and let's skip the "do we trust the mail provider?" question for now)
c) Start to compose new mail
d) Enter recipient address
e) Mail client checks PGP/GPG/keystores for a current public key for recipient
f) If key found, carry on - just automatically and silently encrypt the mail
g) If key NOT found - display mahoosive warning that the email can't be secured - don't type secure things!
(NB: I'm aware Thunderbird/PGP do bits of the above, but not all of it, and it's client/user specific - rather than something that *could* be flicked on for everyone)
Obviously the snag comes with key expiry/rotation - methods need to be employed to (ahead of time) archive email securely
If Google/MS/Yahoo built the above in, and let you either use your own keys or generate them for you, it would probably gain faster uptake - and the inherent security in x509 would (or should!) show if your emails were encrypted for anyone else other than the recipient (i.e. "Google archive key") - or if a key generated by them was "downstream" of another trusted key - you can raise eyebrows accordingly.
The minute you enter a passphrase you've no guarantee it's not being logged, so you can only really go "so far" with bolting things down - but ultimately, if something is "that" secure - don't put it on email, or better yet, keep it offline!
Biting the hand that feeds IT
