On 10/13/22 02:52, Kjetil Torgrim Homme wrote:
It is not impossible to implement true E2EE web-mail - you just have to do the decryption using JavaScript in the browser.
Practically speaking this is not much of an improvement, since the application vendor can always alter that JS to disclose cleartext, can even do so selectively on a per-user basis, and can be coerced into doing so by governments and perhaps others.
Keith -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
