Jason Fesler jfesler at gigo.com
Thu Jan 17 16:17:59 CET 2008

> I tend to think it is more a matter of using a mail host that you trust. 
> As in most of the cases where I've used gpg/pgp, it was server-side. I 
> mean really, if you can't trust them with your keys, why would you trust 
> them with your mail?

It is less a matter of trusting the host, and more a matter of trusting 
one's government.  Hosts can be compelled to not provide any notification 
to you what they turn over.

As to trusting a host with my provider, I worry less about that - that's 
what GPG is for (when both parties have the keys, not the server 

The only case where I could see round cube implementing gpg fully on 
server side is where the user is also the operator.  That still leaves 
keys being stored on a multiuser server, but at least he'd know if he was 
served an order.

Oh well, off my soap box.  Implement what you want.  I just hope any 
README or whatever includes some paranoia.

List info: http://lists.roundcube.net/dev/

More information about the Dev mailing list