It’s certainly true that people now use both webmail and PC-based clients.
But while this would seem on the face of it to effect the potential for CSE use to spread, IMO it is actually less relevant than it seems.
If people are security conscious they are not going to want to trust webmail services with their private keys. They are more likely to want to use PC-based clients and local storage of private keys.
In the unlikely event that they use webmail for secure email they are going to want a CSE ‘one-time-reader’ like solution where, as I understand it the browser co-operates with software on the PC to decrypt and encypt emails so the private key never gets uploaded. [edit] Maybe people should use CSE on a USB stick when away from base?
My ISP offers PGP email encryption/decryption on the server via upload of certificates (using the Horde email package). Would I use this if operating in a secure environment? No - to use it I’d have to trust my ISP’s security procedures.
More to the point perhaps is to extend CSE into the mobile environment…
But just for my information, if you can bear to post again, could you post a link to this PGP package you are talking about? Is it Symantec PGP? Just downloaded it and it appears to work (but uses DB of public keys rather than key interchange), but they want £££ after the trial period.
You are ahead of me with pgp, but my guess is that the public data base is additional to exchange of keys.
It can be obtained from http://www.symantec.com/business/desktop-email. And Encryptus is from Firetrust and is expected to be released very soon, though they have been saying that for a while now.
Pgp is costly, but only a tiny fraction of the value of the time that either of us has spent on this topic. I had a problem with getting pgp to work when I tried v10.1, but my main concern with it is that is has failed to ‘diffuse’ and is too costly to do so very widely. On the other hand, it does use s/mime, so that the occasional correspondent does not need anything more than a certificate, which is very easily supplied by Comodo, though I think a purist would want a self generated certificate rather than one that the issuer could have a copy of.
I endorse what you say about web based encryption and decryption. It is important to appreciate that some or even many users of encryption are driven partly by the fact that they owe a duty of confidentiality to someone, and if there has been a leak and you need to show that you could not have been responsible, starting from the position that you have potentially enabled a third party to obtain the confidential information is a hopeless position to be in. You would have incurred the onus of proving something that you are unlikely to be able to prove even if it is true. Nobody owing a duty of confidentiality, who is properly advised, is going to put himself in that position.
I will try to reply to posts, but I fear I may lapse into a breach of the rules of the forum if I experience repetition of the posting problems I have had so far.
Thanks for the info, and for the important insights re the value & context of secure email usage. I hope Melih reads it.
The Symantec package kept freezing my system, so I uninstalled. Probably an LSP security software conflict so you may be OK with ESET. I had to uninstall using a restore pt though, symantec uninstaller failed. During symantec instalation you can choose the free version - cut down but it may do what you need. I chose the paid version, but dare not try again.
Sorry re continued problem with Forum software. Have you tried opting for ‘keep me logged in forever’ or tried using Lazarus? I have had problems myelf, but nothing like as bad as you describe. The software tends to hate repeated saves of one post as you update it though.
Hope this helps a bit. Don’t feel you need to reply if you cannot make the forum software behave. Did you try PMing EricJH?
Best wishes
Mouse
Renaming comodoSE has worked for me, in case you are interested.