Google with end to end mail encryption

News that do not fit in elswhere

Moderators: b1o, jkerr82508

Post Reply
User avatar
viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Google with end to end mail encryption

Postby viking60 » 04 Jun 2014, 15:52

Image
Google is developing a browser based end to end mail encryption.

The encryption is based on OpenPGP javascript and is licensed under the Apache 2 license.
Google wants more eyes on the security of the encryption so it will also be tested by the community. If you find an error or a flaw in End to End Google will pay you for finding it through the Vulnerability Reward Program.

This will make encryption much easier to use; much of the problem with regular encryption is that it is hard to implement and use. End to End will be delivered as a Chrome extension.

It is only the body that will be encrypted; The header and the list of recipients will remain unencrypted.
The project is still in its Alpha stage.

More here
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
Top
User avatar
Snorkasaurus
Berserk
Posts: 587
Joined: 30 Dec 2013, 19:19
Contact:
Contact Snorkasaurus

Re: Google with end to end mail encryption

Postby Snorkasaurus » 04 Jun 2014, 19:33

viking60 wrote:If you find an error or a flaw in End to End Google will pay you for finding it through the Vulnerability Reward Program.

Do "people still do not understand how to manage keys" or "people make crappy passwords" count as flaws? I guess not, but they are still probably the biggest hurdles in the quest for widespread encrypted mail.

viking60 wrote:End to End will be delivered as a Chrome extension.

:-(

viking60 wrote:It is only the body that will be encrypted; The header and the list of recipients will remain unencrypted.

Of course this is the same with PGP, GPG, or whatever other mail encryption... there is no way to encrypt the headers because then mail servers wouldn't be able to decrypt them and pass on the message to the appropriate destination.

Ultimately, SMTP is an awful protocol from a security and privacy perspective... I think the time would be better spent on replacing SMTP rather than working around it. There was a time that I would have said "you can't replace SMTP" because I couldn't imagine people being willing to give up there exiting communication paradigm... but between SMS and Facebook, they kind of have given it up.

Hmmm, is there a place around here where we can share our public keys?

S.
Top
User avatar
viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Re: Google with end to end mail encryption

Postby viking60 » 05 Jun 2014, 01:08

I guess we could make a "share your public keys here" topic and make it a sticky.
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
Top
Post Reply

Return to “General News”