On 12/09/2013 04:20 PM, Frank Villaro-Dixon wrote:
On 13-12-09 12:56:09, Stephan Seitz, wrote 2.6K characters saying:
Hi there,
Hi,
Am Samstag, den 07.12.2013, 13:27 +0100 schrieb PGP Key Admin:
We love PGP! :-)
so I do. But, why are you going to use it in such a ummm grotesque
flavour?
If one's using that service he/she has to trust your service and
toolchain. It's completele breaking any ideas of end-to-end encryption.
More worse, any enduser without deeper knowledge of pgp or encryption at
all will be misguided and could think his communication be secured.
Indeed it isn't.
I'm of the same opinion as Stephan. Even if this service is maybe good
as-is, it could easily mislead the user into thinking that what he does
is secure. The user doesn't know that the message has been encrypted
with the end-user's key, and not with a MITM one. It may do more harm
than good; IDK, just an opinion.
This can easily fixed with appropriate warning-message on the page. I
personally don't see any problems here.
I don't like that server's backend is closed. I want to see the source
code of this resource, but opened is only pgp JS-lib.
Also, I hope you're not running an "open-relay" server, and that you
have some kind of mail-sending policy ;).
Good point. Very interesting to understand how this server protected
from relaying of junk mail :)
We would like to make PGP as usable as possible for everyone.
With https://encrypt.to you can send encrypted messages to PGP users
and you can receive encrypted messages from non-PGP users. We are
using client side encryption and we can't decrypt the message.
How does it work? When your public key is added to a sks keyserver
just open the link:
Many thanks in advance for your feedback.
Jan
--
Best regards, Dmitry,
head of UNIX-tech department NRNU MEPhI,
tel. 8 (495) 788-56-99, add. 8255