
With all the current discussion on Java encryption APIs, it got me thinking. Would it be possible to write a Java applet that provides secure email? By secure, I mean that nobody but the intended recipient of a letter can read it. And that the reader knows who wrote it. That is, encryption and signing a la PGP.

Using https you would download a Java applet from your mail server. Https is needed so that a MITM cannot give you a fake applet. The applet will fetch your secring.pgp from the mail server. It will fetch your mail by POP3 from the same server and decrypt any PGP mail using the pass phrase you enter in the applet window.

Problem with this setup: your mail server administrator could give you a fake applet that sends your pass phrase back to him. That means that the applet must be verified anyhow, so maybe https doesn't really help.

Anybody see a solution to this? If the applet viewer (such as Netscape 2.0) would show an MD5 sum of the applet, we could verify that with a third party. But it should be done automatically, like the way Netscape verifies https.

<wiz@c2.org>
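The automatic third-party check the post asks for, as an added example that is not part of the original message: hash the downloaded applet and accept it only if enough parties other than the serving mail server publish the same digest. SHA-256 stands in for the MD5 sum the post mentions; the host names, the quorum rule and the function names are assumptions, and the applet bytes are constructed sample data.

```python
import hashlib
import hmac


def applet_digest(applet_bytes: bytes) -> str:
    """Hex SHA-256 of the applet exactly as it was downloaded."""
    return hashlib.sha256(applet_bytes).hexdigest()


def verify_applet(applet_bytes, served_by, attestations, quorum=2):
    """Return (trusted, vouchers).

    attestations maps a party name to the hex digest that party publishes.
    The party that served the applet is never counted: in the post's threat
    model the mail server administrator is the one who may swap the applet.
    """
    digest = applet_digest(applet_bytes).encode()
    vouchers = []
    for party, published in sorted(attestations.items()):
        if party == served_by:
            continue  # the serving host cannot vouch for its own download
        candidate = published.strip().lower().encode()
        if hmac.compare_digest(digest, candidate):
            vouchers.append(party)
    return len(vouchers) >= quorum, vouchers


# Constructed sample data: stand-ins for the applet file and a modified copy.
GENUINE = b"constructed stand-in for the reviewed applet class file"
MODIFIED = GENUINE + b" (modified copy)"

# Hypothetical publishers. The mail server vouches for the modified copy,
# two independent reviewers vouch for the genuine one.
ATTESTATIONS = {
    "mail.example": applet_digest(MODIFIED),
    "reviewer-a.example": applet_digest(GENUINE).upper() + "\n",
    "reviewer-b.example": applet_digest(GENUINE),
}

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("modified", MODIFIED)):
        trusted, vouchers = verify_applet(blob, "mail.example", ATTESTATIONS)
        print(label, "trusted" if trusted else "rejected", vouchers)
```

The modified copy is rejected even though the serving host publishes a matching digest, because only independent parties count toward the quorum.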