Can't you offer PGP-only e-mails, and just tie everyone's public key to their "profile" on the service? Then, even if they don't specifically have that person's public key, they can still send them e-mails through PGP as long as that other person also has a Silent Circle e-mail account (because you already have that person's public key, so you can connect the two).
And of course you should not offer e-mail outside of Silent Circle in any way. I actually can't believe you did that. Silent Circle was supposed to be all about security, not "convenience". If some customers didn't like that, then they shouldn't use it. Now look at the mess you created because you thought it's good to have the convenience of sending anyone an e-mail. You shouldn't have offered that to begin with.
So see if you can come back with a PGP-only e-mail in a way that you couldn't add some kind of spyware to get people's private keys if NSA asked you to do it. It might also be a good idea to offer the maximum encryption level (RSA 4096 bit?) if you can afford it (or ask them more money for it), since PGP is more vulnerable to cracking than say OTR, especially if they target some of your customers. And use forward secrecy for the TLS channel.
Is there any way you could use the Bitmessage protocol? Or whatever Retroshare is using for e-mails?
The offering was PGP-only email. The server encrypts the message when it's sent so the user doesn't have to install PGP. That's why plaintext was visible.
And of course you should not offer e-mail outside of Silent Circle in any way. I actually can't believe you did that. Silent Circle was supposed to be all about security, not "convenience". If some customers didn't like that, then they shouldn't use it. Now look at the mess you created because you thought it's good to have the convenience of sending anyone an e-mail. You shouldn't have offered that to begin with.
So see if you can come back with a PGP-only e-mail in a way that you couldn't add some kind of spyware to get people's private keys if NSA asked you to do it. It might also be a good idea to offer the maximum encryption level (RSA 4096 bit?) if you can afford it (or ask them more money for it), since PGP is more vulnerable to cracking than say OTR, especially if they target some of your customers. And use forward secrecy for the TLS channel.
Is there any way you could use the Bitmessage protocol? Or whatever Retroshare is using for e-mails?