[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Proposal: PGPmail Plugin for Netscape/Mosaic
- To: [email protected]
- Subject: Proposal: PGPmail Plugin for Netscape/Mosaic
- From: [email protected] (Modemac)
- Date: Sat, 15 Jun 1996 05:52:17 -0700
- Newsgroups: alt.security.pgp
- Organization: NETCOM On-line Communication Services (408 261-4700 guest)
- Sender: [email protected]
I don't know C, unfortunately, otherwise I'd program this myself. So
instead I'm putting it up for debate, and to encourage any cypherpunk to
give it a shot if he/she thinks it's a good idea.
The idea behind this utility is to encourage the use of PGP for sending
email. Currently, using PGP with email requires you to compose the
message, get the recipient's public key, encrypt the message, upload it
to your system (or transfer it over using the clipboard), and email it.
It would be much easier if sending a PGP email message was as simple as
clicking a mouse. This, this idea for a PGP plugin. It goes like this:
You create a small text file containing an email address and a PGP public
key. Your own email address and key would be the best choice, of course,
but it doesn't have to be yours. Place that file on your Web page with a
unique extension, such as public_key.key. Include a link to this text
file on your page, with a standard anchor like this:
<li><a href="http://public_key.key">Click here to send me a PGP email message</a>
When your Web browser reads a .key file, it invokes the PGPmail plugin
utility. This utility calls up a window that allows you to compose your
email message (just like a standard email form). When you have finished
composing the message, you click the "Send" button as usual. The utility
then does the following:
- Reads the public key from the .key file.
- PGP-encrypts the message with that public key, using the PGP -eat option.
- Emails that PGP-encrypted message to the address given in the .key file.
The major advantage of this utility is that it would allow you to send an
email message to anyone who puts their public key onto their Web page in
this fashion, without having to go through the rigamarole of getting the
public key, saving it to a file, encrypting the message, emailing the
message, and then deleting the public key again (to keep from bloating
your keyring, especially if it's not someone you plan to have a regular
conversation with).
It would also ensure security on your part, because the PGP encryption
would take place entirely on your own system. You wouldn't have to
depend on a CGI script and someone else's copy of PGP, because the email
process doesn't take place until *after* you have encrypted the email
message.
The ability to send a PGP-encrypted email message with one click of the
mouse would result in an explosion of PGP use over the Web. It would
allow safe transactions of private information, such as people already do
with PGP - but it would be so EASY that anyone with a Web browser could
do it.