[KLUG Advocacy] PGP & Hushmail On NPR
Adam Tauno Williams
adam at morrison-ind.com
Thu Feb 23 08:56:08 EST 2006
On Wed, 2006-02-22 at 18:08 -0500, greenproc wrote:
> > I looked at them before. Their web interface does all the encryption
> > transparent to the user (they only enter their passphrase). And (IIRC)
> > everything is stored on their server encrypted, and the decryption is
> > done locally in the browser (Java?) so even the hushmail admin(s) can't
> > read your email
> "...When a user wishes to encrypt/decrypt data or verify/sign a
> signature, a connection is automatically made to a Hush Key Server to
> retrieve the necessary Public/Private Key..."
> It would seem to be a bad practice to have a third party responsible for
> your Private/Public key pair -- even if they have a "secure" method.
Yep, but if all you are is a Windows PC user is there really any "first
party"? I'd trust my key in someone else's LDAP server before I'd trust
it on a Winbloze box running IE. If your choice is between getting shot
with a .22 caliber rifle or a Colt 45 at point-blank range, which you
you pick?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/advocacy/attachments/20060223/58281616/attachment.bin
More information about the Advocacy
mailing list