Yahoo to provide PGP encryption for mail

Powered by SC Magazine
 

Promises ease of use.

One of the world's largest web providers, Yahoo, will provide its email customers with digital signing and encryption of messages through an extension of the Pretty Good Privacy (PGP) program.

Yahoo chief information security officer Alex Stamos made the announcement at the annual Black Hat security conference in Las Vegas.

Stamos told iTnews that the project was still some way off.

"We are working to design a key server architecture that allows for automatic discovery of public keys within Yahoo.com and other participating mail providers and to integrate encryption into the normal mail flow," Stamos said.

While effective as a personal encryption solution, PGP is notoriously difficult to use with public/private key pairs. Stamos believes Yahoo can nevertheless make it work for non-technical users.

"It won’t be easy, but I think we can design a user experience that makes encrypting messages a one-click option for many people," he said.

Yahoo will use a fork of Google’s End to End OpenPGP plugin that is currently in development.

“We are using the same crypto core with a different front-end, and will look at unifying with Google’s plugin once the dust settles,” Stamos said.

Stamos was reluctant to announce a firm date for the PGP functionality for Yahoo Mail, but said the company will release the first source code for its version of the extension in the northern hemisphere this autumn.

The goal is to have the full product ready in 2015, Stamos said.

He declined to detail how government intelligence agencies and law enforcement would react to Yahoo Mail customers being able to individually encrypt messages, something that would make interception of their content potentially impossible.

Yahoo follows the likes of Google, Facebook and Microsoft, who also recently announced they would encrypt internal traffic in response to the Snowden spying revelations.

Copyright © iTnews.com.au . All rights reserved.


Yahoo to provide PGP encryption for mail
Alex Stamos, Yahoo CISO.
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Alex Stamos, Yahoo CISO.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 346

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 144

Vote