back to article Yahoo! will! deploy! end-to-end! email! crypto! by! 2015!

Yahoo will fire up end-to-end (E2E) encryption for its email users by 2015, chief security officer Alex Stamos announced at Black Hat overnight. The Purple Palace has also created a PGP plugin forked from Google's new offering that will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email …

  1. Anonymous Coward
    Anonymous Coward

    PGP eh?

    I wonder how they store the private key?

    1. brooxta

      Re: PGP eh?

      That's a good question, one that everyone familiar with public key cryptography would know to ask.

      If Yahoo! did anything like storing unencrypted private keys on their servers then their implementation would be slammed by everyone with any security credibility and the whole thing would be dead in the water.

      Since most users have No Clue (in this case, specifically, about email privacy and cryptography) then Yahoo! will be dependent on third party assessments of their security product/model in order to gain traction and buy in.

      That being the case I would be fairly confident that Yahoo! will handle the key safely (ie. either only stored locally on the user's computer, or else - like Lastpass - storing an encrypted copy on their servers and only ever decrypting it locally).

  2. Dan 55 Silver badge
    Thumb Down

    Closing all outstanding bugs and re-opening only those which are relevant and verifiable

    AKA time will make the problem go away... or the customers.

  3. Anonymous Coward
    Unhappy

    Oi! Marissa! Sort out the bugs in your web mail!

  4. James 100

    Meanwhile, struggling with advanced security concepts ...

    ... such as "logging on".

    Each time I logged in to their god-awful abomination of an IM platform, I was told "some features" (such as...?!) had been "temporarily disabled", and I should log in to the website to fix that. That didn't help, of course. Eventually, I tried creating an app-specific password for IM ... which was rejected each time, but after trying it, I was able to log in with the main account password without getting the stupid warning message.

    A shame seeing what once seemed like a nice modern company with useful services being run into the ground.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like