Hi Kirill, On 09.06.2019 08:57, Kirill Peskov wrote:
It uses OpenPGP protocol, but quite a twisted way. And they're not OpenPGP-compliant, because they're not able to encrypt mails leaving their domain.
What do you mean by that? There is an option to add OpenPGP key of a "foreign" contact and send to other e-mail providers just like any oter OpenPGP mail.
From what I've seen on OpenPGP mailing list they're also planning to have Web Key Directory key discovery so that I'll be easier to encrypt to people outside ProtonMail
Any webmail by itself cannot be secure, because provider can always send you 'modified' browser applet and steal your private key and some day — the passphrase.
Yes, that's a problem. Still, who would discover a compromised Enigmail plugin (that autoupdates too), or even GnuPG? As the code is quite complex and in some cases there are many intermediaries (distro maintainers) it's not quite obvious what code are you running exactly.
As for webpages there is also this interesting plugin: https://stosb.com/blog/signed-web-pages/ Kind regards, Wiktor -- https://metacode.biz/@wiktor _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
