Tim said:
-- begin quote --
I can't speak to the truth or falsity or plausibility of some of the claims
here, but there is a general point: modularization.
There is no real reason for crypto to be built into complex products, at least
not when those products are well-suited for handling text (and even files).
If speech is in the form of ASCII (or even MIME) text, then end-to-end crypto
can be done using fairly basic (and hence more easily verfied, audited, and
tested by time) modules which are NOT PART OF THE MORE COMPLEX PRODUCT.
To wit, who really cares whether Netscape 4.08 or 4.07 has crypto built in so
long as a robust, non-trapdoored crypto program is available/
-- end quote --
I quite agree. In fact, that's why I don't use a web browser as a mail client
(this nym's only interface is webmail, which is a different case). The salient
point of this thread, though, is that the built-in crypto under discussion is
the SSL engine, not the mail client. If you (or anyone else) knows of a web
browser that takes a drop-in SSL module (hopefully open-source), I'd be pleased
to learn of it. Would be interesting to see if Wells Fargo would accept a
connection from such a browser.
