[imp] Issues with PGP support in IMP

Iain iain@minihub.org
Fri, 10 May 2002 09:47:57 +1000


Hi,

I am sorry if this has been raised before but I couldn't find much discussion 
in the archives.

From what I can see the implementation of PGP support in IMP stores private 
keys on a server. Now, every piece of documentation I have ever read on PGP 
says that this is a bad idea and is not how PGP should be used.

Is there support for using private keys stored on a floppy or some other 
removable media? It would seem to me that doing this properly becomes 
extremely non-trivial as it would mean a Java applet with the encryption 
algorithms built in. Something along the lines of hushmail - although I think 
that still stores the keys in a central database.

Don't get me wrong. I think it is great that someone has gone to the effort 
of writing this stuff but my concern is that it encourages people to use PGP 
in the wrong way and fall into a false sense of security about how secure 
their messages are.

cheers, Iain.
-- 
public key available at http://www.minihub.org/~iain/iain.asc