Quote:
Originally Posted by emebrs
Is it possible that this constitutes an example of security theater, or is it truly good security?
It's security theater.
If the decryption happens server-side, then the server has access to the cleartext before sending it over the SSL tunnel. And if the decryption happens client-side, then the server is acting as an application server (probably sending Java or JavaScript), in which case the server can target recipients and send a malicious app (something that sends the key back to the server).
Hushmail and Countermail have a substantially more secure way to send messages to outsiders (using asymmetric encryption and using the recipient's [trusted] client software). See my recent thread for the full discussion.