[leot]

I don't understand why everyone seems to think this is an issue. It's as though the only alternative to the status quo is local host browser-level crypto.

The implementation I'm referring to doesn't preclude Gmail from reading emails it has of yours. It just means that only Gmail can read them, because only Gmail has your private key, a private key that's associated with two-factor authentication, and a private key you could optionally use elsewhere, too.

[sliverstorm]

That would work fine, if all the NSA did was sniff traffic on the backbones.

[leot]

The idea that the biggest reason to have PGP is to protect ourselves from some nefarious gov't entity is silly, though in the longer-run it can definitely help make this happen. PGP/PKI affords incredible technological advantages. If webmail providers offered it, OpenID (etc., etc.) would become quickly redundant (e.g.).