Quoting Kfir Lavi, from the post of Thu, 09 Aug: > Hi, > I would like to keep company emails secure and encrypted. > I'm looking for a webmail program that is similar to Gmail. It don't have to > own all the stuff, just to be productive. > I would also want encryption. I want all the emails be encrypted > automatically. > What is the procedure for a user? should he take with him a usb private key? > I'm looking for your comments on the idea.
webmail is done at the server, and therefore the encryption can either be done on the server (and you must use SSL at the minimum) and have the user enter the passphrase for each mail he sends and recieves or else (caching the key) is no security at all. the other option is encrypting/decrypting at the browser level (with a DoK) and that's a neucense in itself. the easiest and possibly safest is on a Portable version of Thunderbird, a local key with an S/MIME or similar extension. I have not seen an encryption solution on a webmail product that is both conveniant AND secure... one almost contradicts the other. the only GOOD solution would be a combination extension/greasemonkey script that will automatically decrypt incoming mail and force you to encrypt outgoing one at the browser's end and that also means it's accessible only from a machine that has been set up for it. -- Networking washing machines since 1999 Ira Abramov http://ira.abramov.org/email/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
