Hushmail in U.S. v. Tyler Stumbo
John Levine
johnl at iecc.com
Thu Nov 1 13:49:19 EDT 2007
>Since email between hushmail accounts is generally PGPed. (That is
>the point, right?)
Hushmail is actually kind of a scam. In its normal configuration,
it's in effect just webmail with an HTTPS connection and a long
password. It will generate and verify PGP signatures and encryption
for mail it sends and receives, but they generate and maintain their
users' PGP keys.
There's a Java applet that's supposed to do end to end encryption, but
since it's with the same key that Hushmail knows, what's the point?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list