On 12/09/2013 04:20 PM, Frank Villaro-Dixon wrote: > On 13-12-09 12:56:09, Stephan Seitz, wrote 2.6K characters saying: >> Hi there, > Hi, >> Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin: >>> We love PGP! :-) >> so I do. But, why are you going to use it in such a ummm grotesque >> flavour? >> >> If one's using that service he/she has to trust your service and >> toolchain. It's completele breaking any ideas of end-to-end encryption. >> More worse, any enduser without deeper knowledge of pgp or encryption at >> all will be misguided and could think his communication be secured. >> Indeed it isn't. > I'm of the same opinion as Stephan. Even if this service is maybe good > as-is, it could easily mislead the user into thinking that what he does > is secure. The user doesn't know that the message has been encrypted > with the end-user's key, and not with a MITM one. It may do more harm > than good; IDK, just an opinion.
This can easily fixed with appropriate warning-message on the page. I personally don't see any problems here. I don't like that server's backend is closed. I want to see the source code of this resource, but opened is only pgp JS-lib. > Also, I hope you're not running an "open-relay" server, and that you > have some kind of mail-sending policy ;). Good point. Very interesting to understand how this server protected from relaying of junk mail :) >>> We would like to make PGP as usable as possible for everyone. >>> With https://encrypt.to you can send encrypted messages to PGP users >>> and you can receive encrypted messages from non-PGP users. We are >>> using client side encryption and we can't decrypt the message. >>> >>> How does it work? When your public key is added to a sks keyserver >>> just open the link: >>> >>> Many thanks in advance for your feedback. >>> Jan -- Best regards, Dmitry, head of UNIX-tech department NRNU MEPhI, tel. 8 (495) 788-56-99, add. 8255
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel