CryptoMail Newsletter

CryptoMail.org publishes the CryptoMail News-letter to provide information about secure web based email communication.

Party After O'Reilly's Emerging Technology Conference

In April, the people of CryptoMail.org were invited to a party hosted by Jon Gilbert, Quinn Norton, Ada T. Norton and Danny O'Brien.  The party started right after O’Reily’s Emerging Technology Conference in San Jose.  Our project manager, Peter Leung, and chief developer, Joshua Teitelbaum attended to the party and had a great time.

Many developers, conference presenters, and attendees showed up for the party.  Some of them are old friends of us, and others are new to us.  People were packed inside his house all the way to his garden.  The environment was warm, pleasant and friendly with many enthusiastic discussions.  Some people used the in-house wireless to browse the net.

In addition to food and beverages from the host, many people brought their own food and alcoholic beverages to the party.  Joshua brought Jet Puffed marshmallows and Sierra Nevada Pale Ale beers for everyone.

The party went on raging past midnight.  Sadly, Peter and Joshua needed to head back to San Francisco with their one-hour drive from San Jose, while some people remained in the party and camped in Gilbert’s back yard.

Users Q&A

Q: What is the Java security warning?  Why do I always get asked to allow for permissions in the warning? When will be the Java security warning visible?  What will users expect to see for the Java security warning?

A: Because a Java Applet is an application that is intended to run on top of your web browser, a Java security warning message box is presented to the user to provide additional information about the CryptoMail (CM) Client’s Java Applet’s intentions, and to gain permission from a user.  You should always check the Java security warning information.

The CM Client’s Java Applet contains a high power encryption engine and reads files from your computer.  So, when you try to send an attachment when you are composing E-mail, the CM Client will be allowed to get the attachment from your computer.  Typically, singed code is used to ensure that no program can assume the identity of the original program and authors, and, like many other programs on the web, the CM Client is signed with a digital signature.  However, the certificate used for signing is derived from a free, test certificate.  When your web browser loads the CM Client’s Java Applet, a trusted certification authority verifies the digital signature.  Trusted certification authorities are listed in your web browsers.  For example, Internet Explorer’s Certificate Manager has a list of authorities that are operated by large corporations such as VeriSign and RSA Security.  The certification authorities charge a considerable amount of money from Internet developers like CryptoMail.org’s developers, for verifying their digital signatures.  We operate under very limited resources, so we are not using a trusted certification authority in your web browser.  For that reason, you will get a Java security warning(s) when you use our free encrypted E-mail service in CryptoMail.org.

The Java security warning will only be visible, after you see an initial security alert for making a secure connection to our website.  You usually see this kind of alert when you go to a website that has asked for some of your personal information via SSL, and the web server does not operate with a trusted SSL certificate.  Although CryptoMail.org will never ask for your personal information, you are asked to make a secure connection to provide additional protection of your E-mail login name.  Your web browser will advise you about determining the validity of the certificate.  As with the CM Java Applet’s Java security warning, CryptoMail.org cannot afford to pay large corporations to be our SSL certification authority.

So, in summary, you should expect to see message a box with Joe’s Software Emporium authenticity for the Java security warning, and you should also expect to see a secure connection warning stating the certificate is issued by "Snake Oil CA", when submitting your log-on information to our website.