Comments on: FireGPG Firefox Plugin for GnuPG http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/ collected Thu, 11 Feb 2010 21:18:32 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Paul http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/comment-page-1/#comment-9581 Paul Mon, 27 Oct 2008 01:32:35 +0000 http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/#comment-9581 Although I will admit to being a bit late in hearing about it, the revelation that Hushmail will roll over and provide decrypted e-mails when presented with a court order (as published in November 2007) makes them or any service that has custody of your private key suspect and vulnerable to LEO access. Since IBE *relies* on a third-party server providing the private key to allow decryption of the e-mail, it is NOT secure. IMO, it's probably *less* secure than Hushmail, which *admits* that they are subject to and will comply with court orders.<br><br>Voltage may have the best of intentions, but I have issues with the IBE model they are selling. PGP/GPG, while a bit more difficult to set up, you are the only one that should have access to your private key *and* the passphrase required to decrypt or sign messages. And you're right, you can't make people use PGP/GPG. Like the old saying goes, "You can lead a horse to water, but you can't make it drink." Although I will admit to being a bit late in hearing about it, the revelation that Hushmail will roll over and provide decrypted e-mails when presented with a court order (as published in November 2007) makes them or any service that has custody of your private key suspect and vulnerable to LEO access. Since IBE *relies* on a third-party server providing the private key to allow decryption of the e-mail, it is NOT secure. IMO, it's probably *less* secure than Hushmail, which *admits* that they are subject to and will comply with court orders.

Voltage may have the best of intentions, but I have issues with the IBE model they are selling. PGP/GPG, while a bit more difficult to set up, you are the only one that should have access to your private key *and* the passphrase required to decrypt or sign messages. And you're right, you can't make people use PGP/GPG. Like the old saying goes, “You can lead a horse to water, but you can't make it drink.”

]]> By: Paul http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/comment-page-1/#comment-9345 Paul Sun, 26 Oct 2008 18:32:35 +0000 http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/#comment-9345 Although I will admit to being a bit late in hearing about it, the revelation that Hushmail will roll over and provide decrypted e-mails when presented with a court order (as published in November 2007) makes them or any service that has custody of your private key suspect and vulnerable to LEO access. Since IBE *relies* on a third-party server providing the private key to allow decryption of the e-mail, it is NOT secure. IMO, it's probably *less* secure than Hushmail, which *admits* that they are subject to and will comply with court orders.<br><br>Voltage may have the best of intentions, but I have issues with the IBE model they are selling. PGP/GPG, while a bit more difficult to set up, you are the only one that should have access to your private key *and* the passphrase required to decrypt or sign messages. And you're right, you can't make people use PGP/GPG. Like the old saying goes, "You can lead a horse to water, but you can't make it drink." Although I will admit to being a bit late in hearing about it, the revelation that Hushmail will roll over and provide decrypted e-mails when presented with a court order (as published in November 2007) makes them or any service that has custody of your private key suspect and vulnerable to LEO access. Since IBE *relies* on a third-party server providing the private key to allow decryption of the e-mail, it is NOT secure. IMO, it's probably *less* secure than Hushmail, which *admits* that they are subject to and will comply with court orders.

Voltage may have the best of intentions, but I have issues with the IBE model they are selling. PGP/GPG, while a bit more difficult to set up, you are the only one that should have access to your private key *and* the passphrase required to decrypt or sign messages. And you're right, you can't make people use PGP/GPG. Like the old saying goes, “You can lead a horse to water, but you can't make it drink.”

]]> By: Doug http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/comment-page-1/#comment-6970 Doug Mon, 21 Apr 2008 23:28:23 +0000 http://www.secretelite.com/michael/2008/04/18/firegpg-firefox-plugin-for-gnupg/#comment-6970 Not everyone uses GPG or PGP...and you cannot make them use it. That's why it's NOT easy to use. Solutions like Voltage SecureMail allows you to send encrypted messages to anyone using Identity Based Encryption (IBE), the next generation of PKI. See http://www.voltage.com/vsn to try it for yourself. You can use it with Firefox, IE, Safari...any browser... Messages are in control of the sender and the recipient...never stored on the service. Not everyone uses GPG or PGP…and you cannot make them use it. That’s why it’s NOT easy to use. Solutions like Voltage SecureMail allows you to send encrypted messages to anyone using Identity Based Encryption (IBE), the next generation of PKI.

See http://www.voltage.com/vsn to try it for yourself.

You can use it with Firefox, IE, Safari…any browser…

Messages are in control of the sender and the recipient…never stored on the service.

]]>