Hello, I'm really happy to see PGP/GPG support in roundcube progressing ;)
Am 30.06.2012 17:34, schrieb Niklas: > I've been working on implementing OpenPGP.js in Roundcube for the past > couple of days. It's still an unfinished project in development, but > since there's such high demand for the result I ought I'd ask you guys > for some early feedback. > > For those of you who don't know: OpenPGP.js is a fork of the previous > GPG4Browsers. The intent is to port all OpenPGP functionality into > JavaScript so that third party software isn't required for PGP activity. > It uses HTML5 web storage and standard PKI keyrings (private keys excluded). It sounds like a interesting implementation. > Speaking of Enigma: I'm sure someone will ask why I extend that instead. > With all due respect to its authors and fans, Enigma has been stuck in > development for 2 years, and PGP support has been planned for Roundcube > for 6 years. I'm not sure whether Enigma is really relevant or not. Also > I can not support a plugin that implements encryption as a server side > solution. The main goal of encryption is to ensure that the data can not > be accessed by unauthorized people. I believe that people hosting other > people's mail should be treated as unauthorized, and giving private keys > away to somebody else really fights against the entire purpose. And then > arises the exact same problem that Hushmail users are experiencing: > http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/ I agree that in most situations users shouldn't trust their ISPs. At least they shouldn't give them private keys. But in other cases it's actually the other way round: If people host their own webmail, and have full control over the server hosting it, it might be much safer to store a passphrase-encrypted subkey on this server than to import the secret key into browser cache on public internet clients. The great thing about server-side key storage is, that the secret key never leaves the server. I actually see good reasons for both implementations. But the best would be to merge both as much as possible and keep code / function duplications small. Regards, jonas _______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
