[RCD] Status of S/MIME and PGP support
markus at wernig.net
Sun Dec 1 14:20:24 CET 2013
On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote:
> But in terms of architecture, a purely client-side
> encryption/decryption is the preferred and most secure way.
OK, this depends on which side of the cryptosystem you assume to be more
has some major drawbacks when it comes to crypto (just think XSS). See
eg. here for a discussion:
A S/MIME browser plugin would definitely be the way to go, security-wise.
Unfortunately, this is a nightmare maintenance-wise ... and also would
take considerably more time (which is, as always, the limiting factor).
So I'd rather stick with a server-side approach, even if it would not
make it into an official release.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4080 bytes
Desc: S/MIME Cryptographic Signature
More information about the dev