IMAP and webmail make it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.

Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.

I am looking for advice on how to implement a mobile client:

Option A is to re-create the current client functionality for the mobile platforms. That is a lot of work, and I am not experienced in mobile programming. There is a port of gpg to Android, but I don't know how good it is. I know zero about Apple. This has disadvantages: for example, if I receive a 1GB message at home, there is no way for the phone to get only part of that message. It needs the whole message to check the signature. The worst problem, however, is that you are carrying your private key around with you. Phones are not secure and cannot be made secure. The carrier has root on the phone, whether you do or not. Phones are easy to physically take, and do not have trustworthy encryption. I do not want my GPG key on my phone.

Option B is three-tier client-server. Your PC at home has the private key, and talks to the Confidant Mail server. It also exposes a port which the phone accesses over a secure connection. The phone can request parts of messages, and the PC does the GPG encryption and decryption. This has the advantage that the phone client is smaller, the big message problem is solved, and the exposed key problem is solved. The middleware on the PC could have constraints such as not allowing the whole mailbox to be downloaded, and logging itself out after some number of failed remote access attempts.
The downside is you need a PC running, you need to be smart enough to expose a port, and the PC is sitting there unattended, with the private key in memory, waiting for someone to come and grab it.

Option C is a mobile web client. Similar to B, but instead of a client-server protocol, it uses HTTPS and generates mobile-friendly HTML. Advantages relative to B are that one client supports all the mobile platforms, and there is no mobile code to write. Disadvantage is that the mobile browser is pretty easy to hack, and there is likely plaintext cached in the phone at any given time.

Anyone who needs strong security probably should not use a mobile device. However, many people will want access to Confidant Mail on their phones. Do you have an opinion on the right way to provide it?

http://www.confidantmail.org/forums/index.php?topic=27.msg47

Mike Ingle <mike@confidantmail.org>
d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
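
The two middleware constraints named under Option B (a cap on how much of the mailbox a remote session can pull, and self-logout after repeated failed remote logins) can be sketched as a small policy layer. This is an added example, not Confidant Mail code and not part of the original post; the class name, the shared-token login, the limits, and the dict standing in for messages the PC has already decrypted with GPG are all assumptions.

```python
import hmac

class RemoteAccessGate:
    """Hypothetical policy layer between the phone and the PC holding the key."""

    def __init__(self, token, mailbox, max_failures=3, byte_budget=4096, max_chunk=1024):
        self._token = token
        self._mailbox = mailbox         # msg_id -> plaintext (stand-in for GPG decryption)
        self.max_failures = max_failures
        self.byte_budget = byte_budget  # per-session cap, far smaller than the mailbox
        self.max_chunk = max_chunk      # largest part served per request
        self.failures = 0
        self.locked_out = False         # True once the middleware has logged itself out
        self.session_open = False
        self.served = 0

    def authenticate(self, presented):
        if self.locked_out:
            return False                # stays locked until someone unlocks at the PC
        if hmac.compare_digest(presented, self._token):  # constant-time comparison
            self.failures, self.served = 0, 0
            self.session_open = True
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_out = True
            self.session_open = False
            self._mailbox = {}          # stand-in for dropping the key from memory
        return False

    def fetch_part(self, msg_id, offset, length):
        if not self.session_open:
            raise PermissionError("no authenticated session")
        if offset < 0 or length <= 0:
            raise ValueError("bad range")
        length = min(length, self.max_chunk)
        if self.served + length > self.byte_budget:
            self.session_open = False   # budget spent: force a fresh login
            raise PermissionError("session byte budget exhausted")
        chunk = self._mailbox[msg_id][offset:offset + length]
        self.served += len(chunk)
        return chunk

if __name__ == "__main__":
    box = {"msg-1": b"x" * 10_000}      # constructed sample message
    gate = RemoteAccessGate(b"constructed-token", box, byte_budget=2048)
    gate.authenticate(b"constructed-token")
    print(len(gate.fetch_part("msg-1", 0, 5000)))  # request is clamped to max_chunk
```

The lockout here is deliberately one-way: once tripped, only a local action at the PC would restore remote access, which limits what an attacker probing the exposed port can do.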