[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Encrypt.to searching for beta users
|
From: |
Dmitry Yu Okunev (pks.mephi.ru) |
|
Subject: |
Re: [Sks-devel] Encrypt.to searching for beta users |
|
Date: |
Mon, 09 Dec 2013 16:31:03 +0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 |
On 12/09/2013 04:20 PM, Frank Villaro-Dixon wrote:
> On 13-12-09 12:56:09, Stephan Seitz, wrote 2.6K characters saying:
>> Hi there,
> Hi,
>> Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin:
>>> We love PGP! :-)
>> so I do. But, why are you going to use it in such a ummm grotesque
>> flavour?
>>
>> If one's using that service he/she has to trust your service and
>> toolchain. It's completele breaking any ideas of end-to-end encryption.
>> More worse, any enduser without deeper knowledge of pgp or encryption at
>> all will be misguided and could think his communication be secured.
>> Indeed it isn't.
> I'm of the same opinion as Stephan. Even if this service is maybe good
> as-is, it could easily mislead the user into thinking that what he does
> is secure. The user doesn't know that the message has been encrypted
> with the end-user's key, and not with a MITM one. It may do more harm
> than good; IDK, just an opinion.
This can easily fixed with appropriate warning-message on the page. I
personally don't see any problems here.
I don't like that server's backend is closed. I want to see the source
code of this resource, but opened is only pgp JS-lib.
> Also, I hope you're not running an "open-relay" server, and that you
> have some kind of mail-sending policy ;).
Good point. Very interesting to understand how this server protected
from relaying of junk mail :)
>>> We would like to make PGP as usable as possible for everyone.
>>> With https://encrypt.to you can send encrypted messages to PGP users
>>> and you can receive encrypted messages from non-PGP users. We are
>>> using client side encryption and we can't decrypt the message.
>>>
>>> How does it work? When your public key is added to a sks keyserver
>>> just open the link:
>>>
>>> Many thanks in advance for your feedback.
>>> Jan
--
Best regards, Dmitry,
head of UNIX-tech department NRNU MEPhI,
tel. 8 (495) 788-56-99, add. 8255
signature.asc
Description: OpenPGP digital signature
- [Sks-devel] Encrypt.to searching for beta users, PGP Key Admin, 2013/12/07
- Re: [Sks-devel] Encrypt.to searching for beta users, Dmitry Yu Okunev (pks.mephi.ru), 2013/12/07
- Re: [Sks-devel] Encrypt.to searching for beta users, Filip Stefaniak, 2013/12/07
- Re: [Sks-devel] Encrypt.to searching for beta users, Stephan Seitz, 2013/12/09
- Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/09
- Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/10
- Re: [Sks-devel] Encrypt.to searching for beta users, John Clizbe, 2013/12/10
- Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/10