HackDig : Dig high-quality web security articles for hacker

Yahoo to begin offering PGP encryption support in Yahoo Mail service

2014-08-11 21:16

In an interview with the Wall Street Journal, Stamos acknowledged that the introduction of encryption will require some amount of education for users to make sure their privacy expectations are set appropriately. For example, he explained that PGP encryption won’t cloak the destination of your e-mail. "We have to make it clear to people it is not [a] secret you’re emailing your priest, but the content of what you’re e-mailing him is secret," Stamos said.

Of course, nothing is stopping sufficiently motivated users from using PGP encryption with Yahoo Mail today. The problem is that without a plug-in like End-to-End, getting asymmetric key cryptography working in webmail (or in any e-mail client, for that matter) requires climbing a relatively steep learning curve. People wanting to communicate via encrypted e-mail have to be at least minimally familiar with how to exchange and manage public keys, how to keep their private keys properly secure, and how to actually encrypt and decrypt messages. Flattening that curve and turning encryption into a single-click process will go a long way toward increasing the number of people actively using encryption in e-mail.

The Wall Street Journal also brings up Lavabit, the encrypted e-mail provider that chose to go out of business last year rather than continue operating after giving the FBI the ability to decrypt its users’ messages. In Lavabit’s case, the government was able to compel the company to turn over its private SSL-TLS key, which could be used to view encrypted messages in flight between users’ computers and the Lavabit servers. With PGP encryption implemented in a browser plug-in, though, messages are encrypted before they’re transmitted, and the private keys cannot be disclosed by Yahoo because the company doesn’t possess them.

Stamos’ statement on the matter of what would happen if a government agency came calling is blunt. He characterizes Yahoo as "a multibillion-dollar company with an army of lawyers who would love to take this argument all the way to the Supreme Court."


Source: liam-oohay-ni-troppus-noitpyrcne-pgp-gnireffo-nigeb-ot-oohay/80/4102/ytiruces/moc.acinhcetsra

Read:3326 | Comments:0 | Tags:Risk Assessment EFF email encrypted email encryption end-to-

“Yahoo to begin offering PGP encryption support in Yahoo Mail service”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud