Hello,
I'm really happy to see PGP/GPG support in roundcube progressing ;)
On 30.06.2012 17:34, Niklas wrote:
I've been working on implementing OpenPGP.js in Roundcube for the past couple of days. It's still an unfinished project in development, but since there's such high demand for the result I thought I'd ask you guys for some early feedback.
For those of you who don't know: OpenPGP.js is a fork of the previous GPG4Browsers. The intent is to port all OpenPGP functionality into JavaScript so that third party software isn't required for PGP activity. It uses HTML5 web storage and standard PKI keyrings (private keys excluded).
It sounds like an interesting implementation.
Speaking of Enigma: I'm sure someone will ask why I extend that instead. With all due respect to its authors and fans, Enigma has been stuck in development for 2 years, and PGP support has been planned for Roundcube for 6 years. I'm not sure whether Enigma is really relevant or not. Also I can not support a plugin that implements encryption as a server side solution. The main goal of encryption is to ensure that the data can not be accessed by unauthorized people. I believe that people hosting other people's mail should be treated as unauthorized, and giving private keys away to somebody else really fights against the entire purpose. And then arises the exact same problem that Hushmail users are experiencing: http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
I agree that in most situations users shouldn't trust their ISPs. At least they shouldn't give them private keys. But in other cases it's actually the other way round: If people host their own webmail, and have full control over the server hosting it, it might be much safer to store a passphrase-encrypted subkey on this server than to import the secret key into browser cache on public internet clients. The great thing about server-side key storage is that the secret key never leaves the server.
I actually see good reasons for both implementations. But the best would be to merge both as much as possible and keep code / function duplications small.
Regards, jonas