GMail PGP verification?
David Shaw
dshaw at jabberwocky.com
Fri Feb 13 21:42:06 CET 2009
On Fri, Feb 13, 2009 at 01:25:33PM -0700, Joseph Oreste Bruni wrote:
>
> On Friday, February 13, 2009, at 12:44PM, "David Shaw" <dshaw at jabberwocky.com> wrote:
> >Interesting.
> >
> >http://googlesystem.blogspot.com/2009/02/gmail-tests-pgp-signature-verification.html
> >
> >David
>
>
> I like the idea of signature validation, but I'm not so sure I would
> like the idea of uploading my private key to Google's servers in
> order to actually sign an email or to perform decryption.
Yes. It's not clear exactly how they're going about this (and of
course, nobody has seen signing or encryption yet). They could
possibly be heading towards a Hushmail type of system, where the key
activity can be done on your local system.
Even if they just do signing and sig verification, that would be a
huge boost in the number of signed messages out there on the net. It
would certainly change the spoofed user equation, despite the various
drawbacks.
David
More information about the Gnupg-users
mailing list