From: Paul L. <pa...@sq...> - 2011-11-03 02:05:59
>> I want to know whether openpgp plugin of squirrelmail performs client to
>> client encryption (excluding the encryption done if ssl is used to connect
>> the client and server) like in hushmail..... or the encryption is
>> performed on the server on which squirrelmail is running.

That depends what you mean by "client". Remember that webmail client software is executed primarily on the web server and the browser only does a few menial tasks once the page is delivered to the user. The GPG plugin thus encrypts and decrypts data on the web server. If using SSL, the transmission of the plaintext to/from the user will be encrypted of course. Data in this scenario is reasonably protected from casual prying eyes, but not anyone with administrative access to the web server.

This is exactly the same as Hushmail's non-Java-based client as far as I know. I'm not sure you'll find an Open Source version of their Java-based solution, but I wouldn't be surprised if there was something out there that could be adapted.

However, you should note that Hushmail is seen as insecure because in certain legal situations, they may be forced to turn over plaintext data no matter if you're using the Java-based solution or not. This issue highlights the fact that privacy experts all along have stressed that the ONLY way to ensure safe end-to-end encryption is to run GPG on end user computers -- using something like Enigmail with Thunderbird being one of the best examples of such.

So if you're looking for a "solution" that lets end users avoid the hassles of managing their own encryption software, you need to understand that there is no such solution that does not have certain vulnerabilities.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php