Now, how do we know which key distribution authority and which certifying authority to trust? Isn't this going to be a problem? Trust doesn't seen to work as well as it used to. Sarad. --- Dave Howe <DaveHowe@gmx.co.uk> wrote:
I am shocked that Hush appears to have been in a
the requesting authority with actual *content* of a Hush user account: my prior belief was that this was non-possible. The
J.A. Terranson wrote: position to have provided pwnage of this alone is
staggering in scope if correct. Anyone from Hush care to entertain us with an explanation of why this interpretation is incorrect?
I suspect given the circumstances (i.e. using hushmail as an smtp endpoint for web orders) a large proportion of the mail will be normal unencrypted SMTP rather than hush2hush traffic or conventionally openpgp encrypted from outside the system (I have extracted keys for conventional crypto on occasion from the hushmail web interface, but doing so on a regular basis is like pulling teeth)
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com