[KLUG Advocacy] PGP & Hushmail On NPR

[Adam Tauno Williams]

On Wed, 2006-02-22 at 18:08 -0500, greenproc wrote:
> > I looked at them before.  Their web interface does all the encryption
> > transparent to the user (they only enter their passphrase).  And (IIRC)
> > everything is stored on their server encrypted, and the decryption is
> > done locally in the browser (Java?) so even the hushmail admin(s) can't
> > read your email
> "...When a user wishes to encrypt/decrypt data or verify/sign a 
> signature, a connection is automatically made to a Hush Key Server to 
> retrieve the necessary Public/Private Key..."
> It would seem to be a bad practice to have a third party responsible for 
> your Private/Public key pair -- even if they have a "secure" method.

Yep,  but if all you are is a Windows PC user is there really any "first
party"?  I'd trust my key in someone else's LDAP server before I'd trust
it on a Winbloze box running IE.  If your choice is between getting shot
with a .22 caliber rifle or a Colt 45 at point-blank range, which you
you pick?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/advocacy/attachments/20060223/58281616/attachment.bin