[Cryptography] Google "End to End"

Brian M. Waters brian at brianmwaters.net
Fri Jun 6 10:50:02 EDT 2014


On Thu, 5 Jun 2014 22:46:08 -0700
Tom Mitchell <mitch at niftyegg.com> wrote:
> Google is putting a toe into the crypto world
> for email.....
> 
>    https://code.google.com/p/end-to-end/

After a long conversation with a friend where we discussed the various
merits and demerits of front-end crypto, and concluded the browser
would need to be extended, I woke up  to find Google's End-to-End -
almost our idea exactly!

I haven't looked closely at it yet, but the website says it doesn't
support RSA because it takes too long to generate keys. Instead, all
users will have to use EC keys.

That's fine, in principle, but if existing PGP users aren't able to at
least *import* *existing* RSA keys, there will be a huge barrier to
adoption here. How many of us are really using EC keys with GnuPG, etc?

They're probably thinking users will have to generate their own EC keys
with End-to-End, but that ignores the fact that many folks will be
reluctant to abandon their old keys - which are spread around the net
in correspondent's mail clients, and might contain signatures they
don't want to give up.

Other than that, though, I think it sounds cool and I'm excited to try
it out and look at the code. In fact, RSA might even be something the
community can develop and push upstream. Like I said, even if Google
doesn't want to do RSA keygen, RSA key import would be very valuable.

BW

-- 
Brian M. Waters
Burlington, Vermont, USA
+1 (908) 380-8214
brian at brianmwaters.net
https://brianmwaters.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140606/788776ab/attachment.sig>


More information about the cryptography mailing list