Honestly, if I were looking for a secure email system with built in support for encryption I'd want to be able to configure the client with my own private key and never have that sent to the server or over the internet at all. Or maybe I read that wrong... In any case, any key used to encrypt content shouldn't be going anywhere or used anywhere but my local system.
Providing your own key could easily be an option. I'm just thinking about my parents though - they would never in their life be able to or want to configure a mail client with a private/public key pair. But they can remember a passphrase and use keepass/lastpass to store all their passwords locked by one master. I'm trying to adapt that same concept (and the ease of use it brings) to bring encryption to the masses in e-mail/IM.
2 comments
[ 3.2 ms ] story [ 19.4 ms ] threadProviding your own key could easily be an option. I'm just thinking about my parents though - they would never in their life be able to or want to configure a mail client with a private/public key pair. But they can remember a passphrase and use keepass/lastpass to store all their passwords locked by one master. I'm trying to adapt that same concept (and the ease of use it brings) to bring encryption to the masses in e-mail/IM.