bjoernvold.com

Google is developing a browser based end to end mail encryption.

The encryption is based on OpenPGP javascript and is licensed under the Apache 2 license.
Google wants more eyes on the security of the encryption so it will also be tested by the community. If you find an error or a flaw in End to End Google will pay you for finding it through the Vulnerability Reward Program.

This will make encryption much easier to use; much of the problem with regular encryption is that it is hard to implement and use. End to End will be delivered as a Chrome extension.

It is only the body that will be encrypted; The header and the list of recipients will remain unencrypted.
The project is still in its Alpha stage.

More here

viking60 wrote:If you find an error or a flaw in End to End Google will pay you for finding it through the Vulnerability Reward Program.

Do "people still do not understand how to manage keys" or "people make crappy passwords" count as flaws? I guess not, but they are still probably the biggest hurdles in the quest for widespread encrypted mail.

viking60 wrote:End to End will be delivered as a Chrome extension.

viking60 wrote:It is only the body that will be encrypted; The header and the list of recipients will remain unencrypted.

Of course this is the same with PGP, GPG, or whatever other mail encryption... there is no way to encrypt the headers because then mail servers wouldn't be able to decrypt them and pass on the message to the appropriate destination.

Ultimately, SMTP is an awful protocol from a security and privacy perspective... I think the time would be better spent on replacing SMTP rather than working around it. There was a time that I would have said "you can't replace SMTP" because I couldn't imagine people being willing to give up there exiting communication paradigm... but between SMS and Facebook, they kind of have given it up.

Hmmm, is there a place around here where we can share our public keys?

S.

I guess we could make a "share your public keys here" topic and make it a sticky.