Google’s made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they’re refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.
Google has teamed up with Yahoo to produce a standard, free/open-source version of PGP that’ll be hosted on Github, and they’re already started paying researchers who find critical bugs in their infrastructure.
We’re migrating End-To-End to GitHub. We’ve always believed strongly that End-To-End must be an open source project, and we think that using GitHub will allow us to work together even better with the community.
We’ve included several contributions from Yahoo Inc. Alex Stamos, Yahoo’s Chief Security Officer, announced at BlackHat 2014 in August that his team would be participating in our End-To-End project; we’re very happy to release the first fruits of this collaboration.
We’ve added more documentation. The project wiki now contains additional information about End-To-End, both for developers as well as security researchers interested in understanding better how we think about End-To-End’s security model.
An Update to End-To-End [Stephan Somogyi/Google Online Security Blog]