On Fri, Feb 13, 2009 at 01:25:33PM -0700, Joseph Oreste Bruni wrote: > > On Friday, February 13, 2009, at 12:44PM, "David Shaw" > <ds...@jabberwocky.com> wrote: > >Interesting. > > > >http://googlesystem.blogspot.com/2009/02/gmail-tests-pgp-signature-verification.html > > > >David > > > I like the idea of signature validation, but I'm not so sure I would > like the idea of uploading my private key to Google's servers in > order to actually sign an email or to perform decryption.
Yes. It's not clear exactly how they're going about this (and of course, nobody has seen signing or encryption yet). They could possibly be heading towards a Hushmail type of system, where the key activity can be done on your local system. Even if they just do signing and sig verification, that would be a huge boost in the number of signed messages out there on the net. It would certainly change the spoofed user equation, despite the various drawbacks. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users