On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote: > But in terms of architecture, a purely client-side > encryption/decryption is the preferred and most secure way.
OK, this depends on which side of the cryptosystem you assume to be more trustworthy: the server or your browser runtime. Especially javascript has some major drawbacks when it comes to crypto (just think XSS). See eg. here for a discussion: http://www.matasano.com/articles/javascript-cryptography/ A S/MIME browser plugin would definitely be the way to go, security-wise. Unfortunately, this is a nightmare maintenance-wise ... and also would take considerably more time (which is, as always, the limiting factor). So I'd rather stick with a server-side approach, even if it would not make it into an official release. Kind regards /markus
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
