* Tobias Gondrom wrote:
>The widespread use case of zero-footprint clients, aka webmail:
>if you have no client / your client is a browser window for webmail, you
>have to upload your private key to the server (and must store it there).
>I.e. you would upload your private key to Google and other mail
>providers. And a part of PRISM was/is to deploy direct access points on
>these servers in the first place. With the access to all webmail servers
>and through this to all private keys there, PRISM would at the same time
>also retain full access to emails received on full-clients. So while
>this might help us against spam, we might in the end not be much better
>off against pervasive state-driven surveillance. Or am I missing something?

It is of course possible to keep the keys on the client and it would also be possible to develop new web browser features to keep certain data unknowable to the site you are visiting, with some limitations. Acme Inc would of course still take your keys to help you synchronise them across devices, or as backup, or to use them as another factor in new multi-factor authentication schemes, or simply because they've been ordered to do so. Perhaps through the DRM system where it would be hard to notice, or the surveillance software that ostensibly makes sure we are unable to cheat in browser games (that's coming, right?)
-- 
Björn Höhrmann · mailto:[email protected] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
