[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: end-to-end encryption? SSL? GnuPG?


I agree that your idea of using GnuPG for everything is excellent. The IM client PSI is only one of many IM programs who now support using GnuPG for chatting. I agree that websites serving pages using GnuPG and Firefox - and every other browser out there - supporting it. I agree the idea is excellent, but .. I seriously doubt GnuPG will replace SSL - ever. But .. I agree it's a good idea.

In fact SSL won't be replaced. It will be used together with GPG. SSL is for preventing different type of attack - preventing eavesdropper between you and webserver. It is a standardized and widespread solution so there is no need to abandon it. But it dose not solve the problem of webmail stored on a webserver.

In fact - if I want to use GPG via webmail, I can't do this in an easy way. Or I have my keys stored on a webmail server (which is obviously bad), or I copy GPG'ed text to clipdoard decrypt it and copy it back. And of course - there is no widespread platform for this. I have to install GPG. While for using SSL I don't need to install anything.

And there is not just a question of webmail. You can GPG other things on the web. USENET, blog records, have a database with encrypted content which is decpryted locally, etc.

bye, Matej