Re: [Sks-devel] Encrypt.to searching for beta users

[John Clizbe]

ad...@pgpkey.org wrote:
> Thanks John,

You're welcome. Please don't CC me on replies to the list, one copy in one
inbox is sufficient.

>>
>> NB: Those wishing to try the code and query their own keyserver need to be
>> running my latest trunk. The patch adding the header that OpenJS needs to be
>> able to query keyservers is still sitting in a pull request for Yaron.
> 
> Which patch do you mean?

https://bitbucket.org/jpclizbe/sks-keyserver/commits/f6e4e88a049a3497cc17b0ad15530782d78bc59f


-- 
John P. Clizbe  Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"




signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Lukas, you got an error message? What does dislike mean?

Thanks
Jan




Lukas Martini :


Hej,

ignoring the complete discussion on PGP encryption in browsers etc., one
quick thing: Your site dislikes my email address (lut...@ohai.su),
presumably due to the unusual TLD (.su is the old ccTLD of the Soviet
Union, which is still in use). Might want to fix that ;).

There's a list of all valid TLDs at http://www.iana.org/domains/root/db,
though you might want to automate that since with the new gTLDs, new
ones are added relatively «often».

Best,
Lukas





___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Thanks Lukas,

Oh yes we need to improve.


Lukas Martini :


Hej,

On 12/10/2013 03:19 AM, John Clizbe wrote:
How does the code handle keys with multiple email addresses? Does  
it mail-bomb

them all?


I just tried and got mails to all my UIDs, so yes.

http://i.imgur.com/b1INK0w.png

Best,
Lukas





___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Thanks John,


John Clizbe :


Kristian Fiskerstrand wrote:

Granted this whole discussion probably belongs somewhere else, but
since we're first on the topic, let me chime in my two cents.

First of all, any encryption done in a browser will at least have to
be done in a browser extension that does not auto-update. One thing is
whether one trusts a service today, but if tomorrow some completely
different JS can be injected (or only injected based on e.g. IP
address, or other identifiers for a specific user, which we have seen
some cases of) then it can't be trusted.


BIG ACK


Second, key validation. Your friends (or friends of anyone using the
service) would have to carry along a phone-book of fingerprint, key
types and sizes for each recipient. Other than the short key ID I
don't see anywhere where this website provide information useful for
key verification procedures.Not even after encryption; What happens if
there is a short keyid collision? and is there a way to verify the
structure of the encrypted message before sending? (similar to gnupg's
--list-packets)


For example: https://encrypt.to/0xDEADBEEF comes to mind right away.

How does the code handle keys with multiple email addresses? Does it  
mail-bomb

them all?


Good point, we need to improve :)



NB: Those wishing to try the code and query their own keyserver need to be
running my latest trunk. The patch adding the header that OpenJS needs to be
able to query keyservers is still sitting in a pull request for Yaron.


Which patch do you mean?



-John

--
John P. Clizbe  Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"





___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Thanks for your feedback.


Kristian Fiskerstrand :


Granted this whole discussion probably belongs somewhere else, but
since we're first on the topic, let me chime in my two cents.

First of all, any encryption done in a browser will at least have to
be done in a browser extension that does not auto-update. One thing is
whether one trusts a service today, but if tomorrow some completely
different JS can be injected (or only injected based on e.g. IP
address, or other identifiers for a specific user, which we have seen
some cases of) then it can't be trusted.


Any idea how we can protect this issue?



Second, key validation. Your friends (or friends of anyone using the
service) would have to carry along a phone-book of fingerprint, key
types and sizes for each recipient. Other than the short key ID I
don't see anywhere where this weebsite provide information useful for
key verification procedures.Not even after encryption; What happens if
there is a short keyid collission?


Good point, maybe we should go with email only.

 and is there a way to verify the

structure of the encrypted message before sending? (similar to gnupg's
- --list-packets)


This is possible, what information do you like to see after the encryption?




- --
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Nil satis nisi optimum
Nothing but the best is good enough
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJSpbu0AAoJEAt/i2Dj7frj/C8P/3Ee8u7rUiO6TluwkBSCuksf
jXBqMTPjYq+Z1OfBaolYnix9n779ADxk/E2OHdEbVGeoMUwwld2IQURVR3zWt4Mi
CVDx9kwNlbm9FoMOR31fKwh5gbiGx4icmt/dbOeuiD6MjQL4MZIkp0QYvB3POzoQ
fNGu0JdPcYFJ3V4NZxF+uuzqC4GcNaXcwNLJGPGeRUtVGZSDIo7uyRRTGOOkQtZS
ifj52cYRvWUa3EomtaZjzP6j+KspOtj3QLtta8QOFiRt/+Jc8LVdQ/by9ykuWOtQ
c3Kdcha5cigNzUIEvIneuYzKbXAnmZ7aFvoESx82QP5j3E+zgt7x+r3R3jYRy+qb
/Ks9TDDl9cqVpBQ/Lrb78ubtNINpA6HWnY8b+x391kK5oi1swMHakDabiWT+8LIP
rV2a3WDRCEiKUDpYZQZxtsUg4BTdw26TjRZ+ciEK8FiJQJAktltMu6Ou6NRcIKYA
Eyyg3jEGglay7gcb6DrAgqSYIbBlmRryM095XeqNtU25XkJeBoavEB2kRQtqxu8G
SEmjLc/J1inDBiBWTuor2/Wq/hEAa+YLBOfKOO5gD1n4S61sNYxoYI4382L8cDIO
f6wMzx19soFZ9BJXk1vwPJ96YBwaObKCOjcRcDjuQK97ZPu7++kT6q9fqiWsPQug
IgJGFzUqwOzN7P6ljzBm
=/Yr+
-END PGP SIGNATURE-





___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Lukas Martini]

Hej,

On 12/10/2013 03:19 AM, John Clizbe wrote:
> How does the code handle keys with multiple email addresses? Does it mail-bomb
> them all?

I just tried and got mails to all my UIDs, so yes.

http://i.imgur.com/b1INK0w.png

Best,
Lukas





signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Lukas Martini]

Hej,

ignoring the complete discussion on PGP encryption in browsers etc., one
quick thing: Your site dislikes my email address (lut...@ohai.su),
presumably due to the unusual TLD (.su is the old ccTLD of the Soviet
Union, which is still in use). Might want to fix that ;).

There's a list of all valid TLDs at http://www.iana.org/domains/root/db,
though you might want to automate that since with the new gTLDs, new
ones are added relatively «often».

Best,
Lukas



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[John Clizbe]

Kristian Fiskerstrand wrote:
> Granted this whole discussion probably belongs somewhere else, but
> since we're first on the topic, let me chime in my two cents.
> 
> First of all, any encryption done in a browser will at least have to
> be done in a browser extension that does not auto-update. One thing is
> whether one trusts a service today, but if tomorrow some completely
> different JS can be injected (or only injected based on e.g. IP
> address, or other identifiers for a specific user, which we have seen
> some cases of) then it can't be trusted.

BIG ACK

> Second, key validation. Your friends (or friends of anyone using the
> service) would have to carry along a phone-book of fingerprint, key
> types and sizes for each recipient. Other than the short key ID I
> don't see anywhere where this website provide information useful for
> key verification procedures.Not even after encryption; What happens if
> there is a short keyid collision? and is there a way to verify the
> structure of the encrypted message before sending? (similar to gnupg's
> --list-packets)

For example: https://encrypt.to/0xDEADBEEF comes to mind right away.

How does the code handle keys with multiple email addresses? Does it mail-bomb
them all?

NB: Those wishing to try the code and query their own keyserver need to be
running my latest trunk. The patch adding the header that OpenJS needs to be
able to query keyservers is still sitting in a pull request for Yaron.

-John

-- 
John P. Clizbe  Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"




signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[PGP Key Admin]

Thanks for your feedback.

> I'm of the same opinion as Stephan. Even if this service is maybe good as-is, 
> it could easily mislead the user into thinking that what he does is secure. 
> The user doesn't know that the message has been encrypted with the end-user's 
> key, and not with a MITM one. It may do more harm than good; IDK, just an 
> opinion.

Good point, we will show the public key. By the way, here is the source code: 
https://github.com/encrypt-to/encrypt.to

> 
> Also, I hope you're not running an "open-relay" server, and that you have 
> some kind of mail-sending policy ;).

No.


>> 
>>> We would like to make PGP as usable as possible for everyone.
>>> With https://encrypt.to you can send encrypted messages to PGP users
>>> and you can receive encrypted messages from non-PGP users. We are
>>> using client side encryption and we can't decrypt the message.
>>> 
>>> How does it work? When your public key is added to a sks keyserver
>>> just open the link:
>>> 
>>> Many thanks in advance for your feedback.
>>> Jan
> 
> Frank
> 
> 
> -- 
> frank.villaro-dixon.eu   - PGP: 6F36914A
> Envie d'électricité 100% verte ? Enercoop.fr
> What is a Velomobile ?   www.sans-essence.eu
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel

PGP Key Admin
ad...@pgpkey.org

http://pgpkey.org/pks/lookup?op=get&fingerprint=on&search=0x5F43F53FB41D959A



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

I don't like that server's backend is closed. I want to see the source
code of this resource, but opened is only pgp JS-lib.


Dmitry, here is the source code:

https://github.com/encrypt-to/encrypt.to

Regards
Jan


"Dmitry Yu Okunev (pks.mephi.ru)" :


On 12/09/2013 04:20 PM, Frank Villaro-Dixon wrote:

On 13-12-09 12:56:09, Stephan Seitz, wrote 2.6K characters saying:

Hi there,

Hi,

Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin:

We love PGP! :-)

so I do. But, why are you going to use it in such a ummm grotesque
flavour?

If one's using that service he/she has to trust your service and
toolchain. It's completele breaking any ideas of end-to-end encryption.
More worse, any enduser without deeper knowledge of pgp or encryption at
all will be misguided and could think his communication be secured.
Indeed it isn't.

I'm of the same opinion as Stephan. Even if this service is maybe good
as-is, it could easily mislead the user into thinking that what he does
is secure. The user doesn't know that the message has been encrypted
with the end-user's key, and not with a MITM one. It may do more harm
than good; IDK, just an opinion.


This can easily fixed with appropriate warning-message on the page. I
personally don't see any problems here.

I don't like that server's backend is closed. I want to see the source
code of this resource, but opened is only pgp JS-lib.


Also, I hope you're not running an "open-relay" server, and that you
have some kind of mail-sending policy ;).


Good point. Very interesting to understand how this server protected
from relaying of junk mail :)


We would like to make PGP as usable as possible for everyone.
With https://encrypt.to you can send encrypted messages to PGP users
and you can receive encrypted messages from non-PGP users. We are
using client side encryption and we can't decrypt the message.

How does it work? When your public key is added to a sks keyserver
just open the link:

Many thanks in advance for your feedback.
Jan



--
Best regards, Dmitry,
head of UNIX-tech department NRNU MEPhI,
tel. 8 (495) 788-56-99, add. 8255




___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 12/09/2013 01:37 PM, ad...@pgpkey.org wrote:
> Hi Stephan,
> 
> Thanks for your feedback. That's right, the user needs to trust
> the service. The toolchain is open source http://openpgpjs.org/ and
> you can review the JS code. How does the "End" in end-to-end looks
> like? Instead of using a mail plugin it's a website which runs JS
> code in your browser. Clear a PGP user knows how to encrypt a
> message on his PC, but if my non geek friends would like to send me
> an encrypted message without knowing PGP, I provide them one link
> and that's it. And how do you send an encrypted message without
> your PC? :)
> 
> Regards Jan
> 
> 

Granted this whole discussion probably belongs somewhere else, but
since we're first on the topic, let me chime in my two cents.

First of all, any encryption done in a browser will at least have to
be done in a browser extension that does not auto-update. One thing is
whether one trusts a service today, but if tomorrow some completely
different JS can be injected (or only injected based on e.g. IP
address, or other identifiers for a specific user, which we have seen
some cases of) then it can't be trusted.

Second, key validation. Your friends (or friends of anyone using the
service) would have to carry along a phone-book of fingerprint, key
types and sizes for each recipient. Other than the short key ID I
don't see anywhere where this weebsite provide information useful for
key verification procedures.Not even after encryption; What happens if
there is a short keyid collission? and is there a way to verify the
structure of the encrypted message before sending? (similar to gnupg's
- --list-packets)


- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Nil satis nisi optimum
Nothing but the best is good enough
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJSpbu0AAoJEAt/i2Dj7frj/C8P/3Ee8u7rUiO6TluwkBSCuksf
jXBqMTPjYq+Z1OfBaolYnix9n779ADxk/E2OHdEbVGeoMUwwld2IQURVR3zWt4Mi
CVDx9kwNlbm9FoMOR31fKwh5gbiGx4icmt/dbOeuiD6MjQL4MZIkp0QYvB3POzoQ
fNGu0JdPcYFJ3V4NZxF+uuzqC4GcNaXcwNLJGPGeRUtVGZSDIo7uyRRTGOOkQtZS
ifj52cYRvWUa3EomtaZjzP6j+KspOtj3QLtta8QOFiRt/+Jc8LVdQ/by9ykuWOtQ
c3Kdcha5cigNzUIEvIneuYzKbXAnmZ7aFvoESx82QP5j3E+zgt7x+r3R3jYRy+qb
/Ks9TDDl9cqVpBQ/Lrb78ubtNINpA6HWnY8b+x391kK5oi1swMHakDabiWT+8LIP
rV2a3WDRCEiKUDpYZQZxtsUg4BTdw26TjRZ+ciEK8FiJQJAktltMu6Ou6NRcIKYA
Eyyg3jEGglay7gcb6DrAgqSYIbBlmRryM095XeqNtU25XkJeBoavEB2kRQtqxu8G
SEmjLc/J1inDBiBWTuor2/Wq/hEAa+YLBOfKOO5gD1n4S61sNYxoYI4382L8cDIO
f6wMzx19soFZ9BJXk1vwPJ96YBwaObKCOjcRcDjuQK97ZPu7++kT6q9fqiWsPQug
IgJGFzUqwOzN7P6ljzBm
=/Yr+
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Hi Stephan,

Thanks for your feedback. That's right, the user needs to trust the  
service. The toolchain is open source http://openpgpjs.org/ and you  
can review the JS code. How does the "End" in end-to-end looks like?  
Instead of using a mail plugin it's a website which runs JS code in  
your browser. Clear a PGP user knows how to encrypt a message on his  
PC, but if my non geek friends would like to send me an encrypted  
message without knowing PGP, I provide them one link and that's it.  
And how do you send an encrypted message without your PC? :)


Regards
Jan



Stephan Seitz :


Hi there,


Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin:

We love PGP! :-)


so I do. But, why are you going to use it in such a ummm grotesque
flavour?

If one's using that service he/she has to trust your service and
toolchain. It's completele breaking any ideas of end-to-end encryption.
More worse, any enduser without deeper knowledge of pgp or encryption at
all will be misguided and could think his communication be secured.
Indeed it isn't.
Don't get me wrong, I also see the need for it, even if it's only for
securing webgenerated forms.
Does it need to be a webservice like this?



We would like to make PGP as usable as possible for everyone.
With https://encrypt.to you can send encrypted messages to PGP users
and you can receive encrypted messages from non-PGP users. We are
using client side encryption and we can't decrypt the message.

How does it work? When your public key is added to a sks keyserver
just open the link:

encrypt.to/{email} or encrypt.to/{key-id}


For example: https://encrypt.to/0xB41D959A

Many thanks in advance for your feedback.
Jan







___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel




___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Dmitry Yu Okunev (pks.mephi.ru)]

On 12/09/2013 04:20 PM, Frank Villaro-Dixon wrote:
> On 13-12-09 12:56:09, Stephan Seitz, wrote 2.6K characters saying:
>> Hi there,
> Hi,
>> Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin:
>>> We love PGP! :-)
>> so I do. But, why are you going to use it in such a ummm grotesque
>> flavour?
>>
>> If one's using that service he/she has to trust your service and
>> toolchain. It's completele breaking any ideas of end-to-end encryption.
>> More worse, any enduser without deeper knowledge of pgp or encryption at
>> all will be misguided and could think his communication be secured.
>> Indeed it isn't.
> I'm of the same opinion as Stephan. Even if this service is maybe good
> as-is, it could easily mislead the user into thinking that what he does
> is secure. The user doesn't know that the message has been encrypted
> with the end-user's key, and not with a MITM one. It may do more harm
> than good; IDK, just an opinion.

This can easily fixed with appropriate warning-message on the page. I
personally don't see any problems here.

I don't like that server's backend is closed. I want to see the source
code of this resource, but opened is only pgp JS-lib.

> Also, I hope you're not running an "open-relay" server, and that you
> have some kind of mail-sending policy ;).

Good point. Very interesting to understand how this server protected
from relaying of junk mail :)

>>> We would like to make PGP as usable as possible for everyone.
>>> With https://encrypt.to you can send encrypted messages to PGP users
>>> and you can receive encrypted messages from non-PGP users. We are
>>> using client side encryption and we can't decrypt the message.
>>>
>>> How does it work? When your public key is added to a sks keyserver
>>> just open the link:
>>>
>>> Many thanks in advance for your feedback.
>>> Jan


-- 
Best regards, Dmitry,
head of UNIX-tech department NRNU MEPhI,
tel. 8 (495) 788-56-99, add. 8255



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Frank Villaro-Dixon]

On 13-12-09 12:56:09, Stephan Seitz, wrote 2.6K characters saying:

Hi there,

Hi,

Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin:

We love PGP! :-)

so I do. But, why are you going to use it in such a ummm grotesque
flavour?

If one's using that service he/she has to trust your service and
toolchain. It's completele breaking any ideas of end-to-end encryption.
More worse, any enduser without deeper knowledge of pgp or encryption at
all will be misguided and could think his communication be secured.
Indeed it isn't.
I'm of the same opinion as Stephan. Even if this service is maybe good as-is, it 
could easily mislead the user into thinking that what he does is secure. The 
user doesn't know that the message has been encrypted with the end-user's key, 
and not with a MITM one. It may do more harm than good; IDK, just an opinion.


Also, I hope you're not running an "open-relay" server, and that you have some 
kind of mail-sending policy ;).



We would like to make PGP as usable as possible for everyone.
With https://encrypt.to you can send encrypted messages to PGP users
and you can receive encrypted messages from non-PGP users. We are
using client side encryption and we can't decrypt the message.

How does it work? When your public key is added to a sks keyserver
just open the link:

Many thanks in advance for your feedback.
Jan


Frank


--
frank.villaro-dixon.eu   - PGP: 6F36914A
Envie d'électricité 100% verte ? Enercoop.fr
What is a Velomobile ?   www.sans-essence.eu


pgpS_JHyauz6s.pgp
Description: PGP signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Stephan Seitz]

Hi there,


Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin: 
> We love PGP! :-)

so I do. But, why are you going to use it in such a ummm grotesque
flavour?

If one's using that service he/she has to trust your service and
toolchain. It's completele breaking any ideas of end-to-end encryption.
More worse, any enduser without deeper knowledge of pgp or encryption at
all will be misguided and could think his communication be secured.
Indeed it isn't.
Don't get me wrong, I also see the need for it, even if it's only for
securing webgenerated forms.
Does it need to be a webservice like this?


> We would like to make PGP as usable as possible for everyone.
> With https://encrypt.to you can send encrypted messages to PGP users
> and you can receive encrypted messages from non-PGP users. We are
> using client side encryption and we can't decrypt the message.
> 
> How does it work? When your public key is added to a sks keyserver
> just open the link:
> 
> encrypt.to/{email} or encrypt.to/{key-id}
> 
> 
> For example: https://encrypt.to/0xB41D959A
> 
> Many thanks in advance for your feedback.
> Jan
> 
> 
> 
> 
> 
> 
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


signature.asc
Description: This is a digitally signed message part
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Hello Filip,

Now back again :-)

Thanks
Jan



Filip Stefaniak :


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

PGP Key Admin napisal(a):

We love PGP! :-)

We would like to make PGP as usable as possible for everyone. With
https://encrypt.to  you can send encrypted
messages to PGP users and you can receive encrypted messages from
non-PGP users. We are using client side encryption and we can't
decrypt the message.

How does it work? When your public key is added to a sks keyserver
just open the link:

encrypt.to/{email} or encrypt.to/{key-id}

For example: https://encrypt.to/0xB41D959A


Seems to be cool, however:

502 Bad Gateway

best wishes!



- --
: Filip Stefaniak
: w lodówce ma 7.3 °C (2013-12-07 14:34)
: a lodowkę w internecie: http://minsk.achjoj.info/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSoyRCAAoJEIWU87pYnLkyKxsP/R1NzW2EHWy3EdGfPNNrMJdN
zbC1kh5uBOaCHlun1xubFdF2xskK5+bRJ4XRp2l7FTp3XX+dHILWl7VZq8DO/nIs
7UX4IQORjjZCZu6h9dBh2lVnRUad/N8H+nm/Ranl8o25W/9USWjpdQq4UBZOBeXe
Y9c2HiiNH5FVcxD+W2uWsAkX01IEshYsTElHsDUGgOvtKEN6keTtfyrjJRklGRji
fzAJepU9WPJ4aOV/+T7Yfol0Vig+sBHJzENd2fQkd6e3/76LQv9t69g3AvZ/13nh
5HjPh8l0QdvNog28GcFcaXVY/i6ac90kPlxmV3ocZEN3q1MzpkHzxawzw1d95lvs
MqiXf81UeC93WGk9J6DZOmOi4Wdl/ZVPR200eWvdd9Fb4RGGbZXIkiI9ez5oVkHR
CNX8mB3q2IVpcDpaYwU7JYjggmtUfqv9cp3bZ45BDBLk2AACbcXE1Jxv8zMTBYWf
8rBRYtODFKtNhvOgXjCWvJBK+p9Ppzkml69t177wXp4dG5WlHbgoBeD1VkCgqr8Q
aqN1tKXSWJxCinuEuSZU+pUImHEBME6SbymMp81YTZghHFFI1wn/m8vgpJqKehQz
eOoZHjRQo90HJfQzDZzhDpFolnz3c55kr1uMqFNDhR6i7Fns9/SZxauXR2RNWyLv
ILa4WbrohdMH+ZSHify7
=iSVg
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel





___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[admin]

Hello Dmitry,

The JS lib is open source: http://openpgpjs.org

Regards
Jan



 "Dmitry Yu Okunev (pks.mephi.ru)" :


Hello.

On 12/07/2013 04:27 PM, PGP Key Admin wrote:

We love PGP! :-)

We would like to make PGP as usable as possible for everyone.
With https://encrypt.to  you can send encrypted
messages to PGP users and you can receive encrypted messages from
non-PGP users. We are using client side encryption and we can't decrypt
the message.


Is the source code open? Am I able to download it and setup locally for
my services? :)

--
Best regards, Dmitry,
head of UNIX-tech department NRNU MEPhI,
tel. 8 (495) 788-56-99, add. 8255





___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Filip Stefaniak]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

PGP Key Admin napisal(a):
> We love PGP! :-)
> 
> We would like to make PGP as usable as possible for everyone. With
> https://encrypt.to  you can send encrypted 
> messages to PGP users and you can receive encrypted messages from 
> non-PGP users. We are using client side encryption and we can't
> decrypt the message.
> 
> How does it work? When your public key is added to a sks keyserver
> just open the link:
> 
> encrypt.to/{email} or encrypt.to/{key-id}
> 
> For example: https://encrypt.to/0xB41D959A

Seems to be cool, however:

502 Bad Gateway

best wishes!



- -- 
: Filip Stefaniak
: w lodówce ma 7.3 °C (2013-12-07 14:34)
: a lodowkę w internecie: http://minsk.achjoj.info/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSoyRCAAoJEIWU87pYnLkyKxsP/R1NzW2EHWy3EdGfPNNrMJdN
zbC1kh5uBOaCHlun1xubFdF2xskK5+bRJ4XRp2l7FTp3XX+dHILWl7VZq8DO/nIs
7UX4IQORjjZCZu6h9dBh2lVnRUad/N8H+nm/Ranl8o25W/9USWjpdQq4UBZOBeXe
Y9c2HiiNH5FVcxD+W2uWsAkX01IEshYsTElHsDUGgOvtKEN6keTtfyrjJRklGRji
fzAJepU9WPJ4aOV/+T7Yfol0Vig+sBHJzENd2fQkd6e3/76LQv9t69g3AvZ/13nh
5HjPh8l0QdvNog28GcFcaXVY/i6ac90kPlxmV3ocZEN3q1MzpkHzxawzw1d95lvs
MqiXf81UeC93WGk9J6DZOmOi4Wdl/ZVPR200eWvdd9Fb4RGGbZXIkiI9ez5oVkHR
CNX8mB3q2IVpcDpaYwU7JYjggmtUfqv9cp3bZ45BDBLk2AACbcXE1Jxv8zMTBYWf
8rBRYtODFKtNhvOgXjCWvJBK+p9Ppzkml69t177wXp4dG5WlHbgoBeD1VkCgqr8Q
aqN1tKXSWJxCinuEuSZU+pUImHEBME6SbymMp81YTZghHFFI1wn/m8vgpJqKehQz
eOoZHjRQo90HJfQzDZzhDpFolnz3c55kr1uMqFNDhR6i7Fns9/SZxauXR2RNWyLv
ILa4WbrohdMH+ZSHify7
=iSVg
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Encrypt.to searching for beta users

[Dmitry Yu Okunev (pks.mephi.ru)]

Hello.

On 12/07/2013 04:27 PM, PGP Key Admin wrote:
> We love PGP! :-)
> 
> We would like to make PGP as usable as possible for everyone.
> With https://encrypt.to  you can send encrypted
> messages to PGP users and you can receive encrypted messages from
> non-PGP users. We are using client side encryption and we can't decrypt
> the message.

Is the source code open? Am I able to download it and setup locally for
my services? :)

-- 
Best regards, Dmitry,
head of UNIX-tech department NRNU MEPhI,
tel. 8 (495) 788-56-99, add. 8255



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel