Nelson Bolyard wrote: > c) If webmail users are to be able to sign or decrypt mail using the > webmail service itself, their keys must be stored by the webmail > provider. That's a can of worms, a massive headache for the webmail > providers that they'd rather avoid (and do). Then there's the whole > matter of "expectation of privacy", and other legal matters that vary by > country. The webmail providers believe they have MUCH less liability if > their users have little expectation of privacy for their email. And as > we know, most users don't actually value their privacy much. IMO, > that's the real problem for all forms of "secure" email.
I know it's not webmail in the sense of Gmail, Yahoo, etc, but Exchange 2003's Outlook Web Access has an ActiveX S/MIME plugin that, once installed, allows you to send/receive signed/encrypted emails. The credentials are not stored on the server. I really don't know the full story of how it works and what, if any, role the Exchange server has in the process, but if Microsoft can implement S/MIME for their webmail maybe it's not completely out of the realm of possibility for the rest of us. Dave _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
