[Tickets #5753] Re: Minimize lacking PGP forward secrecy with webmail

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Nov 13 04:43:55 UTC 2013


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/5753
------------------------------------------------------------------------------
  Ticket             | 5753
  Updated By         | Michael Slusarz <slusarz at horde.org>
  Summary            | Minimize lacking PGP forward secrecy with webmail
  Queue              | IMP
-Version            | HEAD
+Version            | Git master
  Type               | Enhancement
-State              | Accepted
+State              | Stalled
-Priority           | 2. Medium
+Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2013-11-12 21:43) wrote:

See #7375.  Simply put - it is impossible to generate revocation  
certificates from within PHP.  So that's not possible.

As such, it doesn't make much sense to not allow downloading of the  
key after creation.  It would be a giant PITA to generate the key and  
forward to the keyserver, without the ability to alter this later.

It comes down to the amount of trust one has.  If they are not  
comfortable or are afraid of clickjacking, then don't use webmail to  
send PGP messages.  But clickjacking is just as much of a thread on a  
console or an OS, so that can't be the controlling concern.





More information about the bugs mailing list