[Tickets #5753] Re: Minimize lacking PGP forward secrecy with webmail
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Nov 13 04:43:55 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/5753
------------------------------------------------------------------------------
Ticket | 5753
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Minimize lacking PGP forward secrecy with webmail
Queue | IMP
-Version | HEAD
+Version | Git master
Type | Enhancement
-State | Accepted
+State | Stalled
-Priority | 2. Medium
+Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2013-11-12 21:43) wrote:
See #7375. Simply put - it is impossible to generate revocation
certificates from within PHP. So that's not possible.
As such, it doesn't make much sense to not allow downloading of the
key after creation. It would be a giant PITA to generate the key and
forward to the keyserver, without the ability to alter this later.
It comes down to the amount of trust one has. If they are not
comfortable or are afraid of clickjacking, then don't use webmail to
send PGP messages. But clickjacking is just as much of a thread on a
console or an OS, so that can't be the controlling concern.
More information about the bugs
mailing list