STEED - Usable end-to-end encryption

Jerome Baum jerome at jeromebaum.com
Tue Oct 18 18:16:08 CEST 2011


> Even webmail.  It is easy to write a browser extension to do the crypto
> stuff.  Installing browser extensions is even easier than installing
> most other software.

I'd make it a point of discussion whether it's still webmail proper then.

But you could also use Javascript, Java or Flash, so yes this is doable
for webmail. I wouldn't trust my ISP to deliver the encryption module
though. It kind of defeats the "end-point" part in "end-point
encryption". As your average user I have no way to verify the module and
nobody can vouch for it as it's dynamically updated by my ISP.

So a fixed, open-source browser extension is really the only way to do
this properly. How is this different from installing an MUA (given that
a browser extension is often a full-blown piece of software with full
rights to the system)?

With the webmail argument and since webmail is probably majority access
for private email, it's looking more important to work with the ISPs,
but I stand by my point of not building this on a single pillar.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA



More information about the Gnupg-users mailing list