(Thanks for the link.) It says hushmail had a simplified web-only version (no
java applet) and that the disclosure of client emails did not involve
pressured code changes (at least code shipped to clients), rather that as a
natural consequence of the way passwords would be processed on the server
side and decryption happened on the server side so hushmail had the
passwords, private keys, and decrypted plaintexts at leas in memory to hand
over on request.
Adam
On Fri, Aug 09, 2013 at 08:59:53PM -0400, Jeffrey Walton wrote:
On Fri, Aug 9, 2013 at 8:56 PM, Adam Back <[email protected]> wrote:
...
Its less clear what lavabit were talking about. Perhaps something similar
in terms of an SMTP interoperability encryption gap, or alternatively about
being pressured to modify code (which people seem to assume, but I didnt see
explicitly stated).
There were some hushmail rumors about code modification some years back -
does anyone know what actually at hushmail?
Encrypted E-Mail Company Hushmail Spills to Feds,
http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/.
