[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Proposal: PGPmail Plugin for Netscape/Mosaic



I don't know C, unfortunately, otherwise I'd program this myself.  So 
instead I'm putting it up for debate, and to encourage any cypherpunk to 
give it a shot if he/she thinks it's a good idea.

The idea behind this utility is to encourage the use of PGP for sending 
email.  Currently, using PGP with email requires you to compose the 
message, get the recipient's public key, encrypt the message, upload it 
to your system (or transfer it over using the clipboard), and email it.  
It would be much easier if sending a PGP email message was as simple as 
clicking a mouse.  This, this idea for a PGP plugin.  It goes like this:

You create a small text file containing an email address and a PGP public 
key.  Your own email address and key would be the best choice, of course, 
but it doesn't have to be yours.  Place that file on your Web page with a 
unique extension, such as public_key.key.  Include a link to this text 
file on your page, with a standard anchor like this:

<li><a href="http://public_key.key">Click here to send me a PGP email message</a>

When your Web browser reads a .key file, it invokes the PGPmail plugin 
utility.  This utility calls up a window that allows you to compose your 
email message (just like a standard email form).  When you have finished 
composing the message, you click the "Send" button as usual.  The utility 
then does the following:

- Reads the public key from the .key file.
- PGP-encrypts the message with that public key, using the PGP -eat option.
- Emails that PGP-encrypted message to the address given in the .key file.

The major advantage of this utility is that it would allow you to send an 
email message to anyone who puts their public key onto their Web page in 
this fashion, without having to go through the rigamarole of getting the 
public key, saving it to a file, encrypting the message, emailing the 
message, and then deleting the public key again (to keep from bloating 
your keyring, especially if it's not someone you plan to have a regular 
conversation with).

It would also ensure security on your part, because the PGP encryption 
would take place entirely on your own system.  You wouldn't have to 
depend on a CGI script and someone else's copy of PGP, because the email 
process doesn't take place until *after* you have encrypted the email 
message.

The ability to send a PGP-encrypted email message with one click of the 
mouse would result in an explosion of PGP use over the Web.  It would 
allow safe transactions of private information, such as people already do 
with PGP - but it would be so EASY that anyone with a Web browser could 
do it.