View Single Post
Old 31 May 2014, 01:33 AM   #58
zimmermanfan
Essential Contributor
 
Join Date: Aug 2010
Posts: 200
Quote:
Originally Posted by emebrs View Post
Is it possible that this constitutes an example of security theater, or is it truly good security?
It's security theater.

If the decryption happens server-side, then the server has access to the cleartext before sending it over the SSL tunnel. And if the decryption happens client-side, then the server is acting as an application server (probably sending java or javascript), in which case the server can target recipients and send a malicous app (something that sends the key back to the server).

Hushmail and Countermail have a substantially more secure way to send messages to outsiders (using asymmetric encryption and using the recipients [trusted] client software). See my recent thread for the full discussion.
zimmermanfan is offline   Reply With Quote