PGP Encryption for mail, web pages and webmail

Encryption would be a better solution, if you encrypted that email you don't rely on all the servers wiping their copies so data disposal isn't an issue.

What I'd like to see is something like Mozilla Thunderbird include public key exchanges by default. Your public key, (or a URL to collect it from the mozilla site if the key is too unwieldy) would be attached to every outgoing email and if a Thunderbird receives an email with key attached, then it is automatically added to your key ring and communications with that email address are then always sent encrypted with that key.

Of course an attacker could do a man in the middle attack during that first key exchange. But so what? For a man in the middle attack to work, they would have to intercept that first key exchange, and every single email exchange from then on (to decrypt/recrypt) until some future time when they actually get to a point they want to do the snooping.

The desire to intercept a communication will likely occur at a later date than the key exchange itself. No-one can see into the future, and no-one can travel back in time and intercept the key exchange done in the past.

Suppose the keyring is stored on a flash key, then an attacker would have to intercept every email from every machine you use and every IP address. A complete non starter.

Firefox could add the same feature and use the same keyring. e.g. If a web field is tagged as

<pgp> </pgp>

then that section is encrypted with your public key, and the message is decrypted and the decrypted version shown instead.

If you don't understand why you would go to such lengths, then you have never pissed off the company sysadmin.