Yahoo to provide PGP encryption for mail

Powered by SC Magazine
 

Promises ease of use.

One of the world's largest web providers, Yahoo, will provide its email customers with digital signing and encryption of messages through an extension of the Pretty Good Privacy (PGP) program.

Yahoo chief information security officer Alex Stamos made the announcement at the annual Black Hat security conference in Las Vegas.

Stamos told iTnews that the project was still some way off.

"We are working to design a key server architecture that allows for automatic discovery of public keys within Yahoo.com and other participating mail providers and to integrate encryption into the normal mail flow," Stamos said.

While effective as a personal encryption solution, PGP is notoriously difficult to use with public/private key pairs. Stamos believes Yahoo can nevertheless make it work for non-technical users.

"It won’t be easy, but I think we can design a user experience that makes encrypting messages a one-click option for many people," he said.

Yahoo will use a fork of Google’s End to End OpenPGP plugin that is currently in development.

“We are using the same crypto core with a different front-end, and will look at unifying with Google’s plugin once the dust settles,” Stamos said.

Stamos was reluctant to announce a firm date for the PGP functionality for Yahoo Mail, but said the company will release the first source code for its version of the extension in the northern hemisphere this autumn.

The goal is to have the full product ready in 2015, Stamos said.

He declined to detail how government intelligence agencies and law enforcement would react to Yahoo Mail customers being able to individually encrypt messages, something that would make interception of their content potentially impossible.

Yahoo follows the likes of Google, Facebook and Microsoft, who also recently announced they would encrypt internal traffic in response to the Snowden spying revelations.

Copyright © iTnews.com.au . All rights reserved.


Yahoo to provide PGP encryption for mail
Alex Stamos, Yahoo CISO.
 
 
 
Top Stories
Australia’s banks review the iPhone 6
ANZ, ING Direct and Westpac execs weigh in on NFC, TouchID and big screens.
 
Domain does DevOps
And they’re doing it on .NET.
 
The ethics of security
[Blog post] Where did that zero-day go?
 
 
Alex Stamos, Yahoo CISO.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1155

Vote