- From: James Marshall <james@jmarshall.com>
- Date: Tue, 25 Mar 2014 17:19:24 -0700
- To: noloader@gmail.com
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Received on Wednesday, 26 March 2014 00:19:52 UTC
On Tue, Mar 25, 2014 at 4:07 PM, Jeffrey Walton <noloader@gmail.com> wrote: > On Tue, Mar 25, 2014 at 6:52 PM, James Marshall <james@jmarshall.com> > wrote: > > On Tue, Mar 25, 2014 at 2:24 PM, Ryan Sleevi <sleevi@google.com> wrote: > >> ... > >>> ... For example, I'd like > >>> to see a webmail site with full end-to-end encryption, without making > us > >>> trust the server at all. CSP helps, but is not a full solution. > >> > >> No. This is impossible. This is not a valid threat, and not something in > >> scope for this WG. > > > > Well, fair enough if it's not in scope, but I think it leaves a > significant > > problem unaddressed. Is secure webmail impossible then?... > Yes. The problem is in the protocol, not in the implementations. You > can't fix the architectural defects without breaking the existing > protocol. You need a new protocol. > > That's why folks like Silent Circle abandoned support for email. Its > literally impossible to secure. > Interesting, I didn't know that. Do you know if any new secure protocols are being developed? Thanks, James
Received on Wednesday, 26 March 2014 00:19:52 UTC