[wellylug] GPG Webmail
Kevin Dorne
sweetpea-wellylug at tentacle.net
Tue Apr 27 15:52:31 NZST 2004
On Tue, Apr 27, 2004 at 11:44:35AM +1200, John C Barstow wrote:
> I agree for the general case. This is for a specific, controlled
> environment; the users will only be sending e-mail to other users on the
> same system. Keys will be generated and signed by the server, so noone
> will be compromising an existing key or a key used for other purposes.
> I'm reconciling two conflicting requirements - webmail access for
> non-technical users and encrypted emails to prevent casual
> eavesdropping.
> Remember, 70% of users will give you their password for a bar of
> chocolate and 30% of the same group will volunteer them for free.
> Private keys are the least of my worries.
This sounds more like an application for S/MIME than for PGP. Centralised management (you create your own CA), control over user certificates (you can issue revocations, etc.), and still SquirrelMail support (http://www.squirrelmail.org/plugin_view.php?id=54). It might be easier to manage.
-k
More information about the wellylug
mailing list