end-to-end encryption? SSL? GnuPG?

Matej Kovacic matej.kovacic at owca.info
Sun Oct 22 13:12:33 UTC 2006


Hi,

> I agree that your idea of using GnuPG for everything is excellent. The IM 
> client PSI is only one of many IM programs who now support using GnuPG for 
> chatting. I agree that websites serving pages using GnuPG and Firefox - and 
> every other browser out there - supporting it. I agree the idea is excellent, 
> but .. I seriously doubt GnuPG will replace SSL - ever. But .. I agree it's a 
> good idea.

In fact SSL won't be replaced. It will be used together with GPG. SSL is 
for preventing different type of attack - preventing eavesdropper 
between you and webserver. It is a standardized and widespread solution 
so there is no need to abandon it. But it dose not solve the problem of 
webmail stored on a webserver.

In fact - if I want to use GPG via webmail, I can't do this in an easy 
way. Or I have my keys stored on a webmail server (which is obviously 
bad), or I copy GPG'ed text to clipdoard decrypt it and copy it back. 
And of course - there is no widespread platform for this. I have to 
install GPG. While for using SSL I don't need to install anything.

And there is not just a question of webmail. You can GPG other things on 
the web. USENET, blog records, have a database with encrypted content 
which is decpryted locally, etc.

bye, Matej



More information about the tor-talk mailing list