On Thu, 2008-01-17 at 07:05 -0800, chris# wrote:
Server side GPG requires quite a bit of trust on the part of the user. *Especially* in the USA. The only way the user can ensure privacy is to do it on the client side. I would not want to promote a solution that hands the keys over to an email provider that can be ordered to intercept *and* not be allowed to notify the end user.
I tend to think it is more a matter of using a mail host that you trust. As in most of the cases where I've used gpg/pgp, it was server-side. I mean really, if you can't trust them with your keys, why would you trust them with your mail?
because encryption is used for communication over un-trusted parties :) so one can use a provider which cannot be trusted to "tunnel" trusted emails.
appart from that, i can clearly see the advantages of server-side encryption:
- no need to mess with all browsers (no need for firegpg or more js)
- might be faster (server may use compiled code and may have more power)
- can be done in the background so you may continue to check mails
- you do not need to carry your key arround with you and/or
- you can encrypt mails on untrusted computers
depending on the amount of work involved, i would let the user choose the way he wants to go ;)
cheers, raoul