[in retrospect, not much direct crypto relevance in my reply] Raph Levien writes:
Another scenario which works is email, even including transparent encryption. This one is interesting to me, so I'll go into a little more detail. In this scenario, the server acts as a file server for keyrings (both public and secret) and mail spools. Here's a typical sequence of events for me getting my mail and replying to one message:
1. I call up the JavaMail web page, which is just a wrapper for the JavaMail applet.
2. The JavaMail applet starts with a forms-style login screen. I type my username.
3. The applet asks the server for my mail spool (given the username and perhaps also a password for authentication).
4. The applet displays my mail spool on the screen and lets me fiddle with it, scrolling through it, reading messages, etc. [...steps 5-10 elided...] To me, this is an exciting scenario. Note that, as long as you trust the browser, this lets you read your mail from anywhere.
I'm trying to mentally compare this scenario with the use of a cryptographically-outfitted mailer operated through an encrypted telnet session. First of all, I suppose the browser has groovy bells and whistles to spice up reading email. Maybe you could run a snazzy GUI standalone mailer in some windowing protocol through the encrypted telnet link as an alternative. This is largely irrelevant to me personally, but could make a huge difference to the hoi polloi. Ignoring such interface concerns, what kinds of situations would be conducive to the JavaMail approach but not, say, ssh+Elm+PGP ? Perhaps I'm visiting someone where there's no local POP for my ISP. The friend I'm visiting has e.g. an AOL account. I would like to read mail on my remote account via her AOL browser. Am I wrong in assuming that I couldn't execute a telnet: URL with the AOL browser ? -Futplex <futplex@pseudonym.com>