In message <v03102713b3690ff56eba@[10.0.2.15]>, Keith Dawson writes:
>[Some parts of this description make me nervous. Why are PRIVATE keys
>being stored on a server, for instance? Why use SSL to send keys when
>you could use SSL to just send the data? Etc., etc... --Perry]

There are a number of possible reasons for that; the one most likely in
this case is so that you can read your mail from anywhere.  That is,
if you're seriously paranoid you're not going to dial up to your ISP
before logging in to hushmail -- the call is traceable, and your machine
may have been bugged (remember Aldrich Ames?).  Instead, you'll go to
your library or some other public machine, install Linux, read the mail,
reformat the library computer's disk...  Well, you see my main point; if
the key is stored on your own machine, you can't read your mail from
elsewhere.  You also have to worry about backing it up properly.

A second possible reason is the Java sandbox -- how can an applet write
to your disk?  Yes, newer versions of Java can let that happen, but I
don't know if any browsers support that.  And of course, if they do, the
users would have to administer it, a dubious proposition.

