GMail PGP verification?

David Shaw dshaw at
Fri Feb 13 21:42:06 CET 2009

On Fri, Feb 13, 2009 at 01:25:33PM -0700, Joseph Oreste Bruni wrote:
> On Friday, February 13, 2009, at 12:44PM, "David Shaw" <dshaw at> wrote:
> >Interesting.
> >
> >
> >
> >David
> I like the idea of signature validation, but I'm not so sure I would
> like the idea of uploading my private key to Google's servers in
> order to actually sign an email or to perform decryption.

Yes.  It's not clear exactly how they're going about this (and of
course, nobody has seen signing or encryption yet).  They could
possibly be heading towards a Hushmail type of system, where the key
activity can be done on your local system.

Even if they just do signing and sig verification, that would be a
huge boost in the number of signed messages out there on the net.  It
would certainly change the spoofed user equation, despite the various


More information about the Gnupg-users mailing list