Rainloop already has this.
<a href="http://www.rainloop.net/" rel="nofollow">http://www.rainloop.net/</a><p>Been using it for a year or so now, it's fantastic and has never let me down.
I wish someone would do this for S/MIME. S/MIME has native support in many MUAs, even Mail.app on iOS. <a href="http://smime.io/" rel="nofollow">http://smime.io/</a><p><a href="https://github.com/roundcube/roundcubemail/issues/4977" rel="nofollow">https://github.com/roundcube/roundcubemail/issues/4977</a>
For everyone who (like me) wondered what happened to "Roundcube Next", they released a statement 8 days ago[1] about it. Sounds like they had personal problems getting in the way. Glad to see the project is still alive.<p>[1] <a href="https://www.indiegogo.com/projects/roundcube-next--2#/updates" rel="nofollow">https://www.indiegogo.com/projects/roundcube-next--2#/update...</a>
It's nice to hear about the server-side PGP support (searching!), although it's unfortunate that the client-side solution, Mailvelope (or more specifically, the OpenPGP.js library it uses), still doesn't support any ECC algorithms.<p>Fortunately Google's End-to-End extension does support ECC algorithms (no idea if it integrates with Roundcube though), but it seems like it still isn't ready for production distribution on the Chrome Web Store yet.
I recommend to try also Mailpile [1], which was built with security in mind.<p>[1] <a href="https://www.mailpile.is/" rel="nofollow">https://www.mailpile.is/</a>
I guess this means you have to upload your private key to the server. I always wonder what happens when the key is copied and used by someone else. Can you revoke the key? What happens to sent and received messages from the past? Do you still need the old key (private or public) to read those? Is there a private master key that can create a private sub key that can be used to upload to that server?
Here's an old XSS exploit for Roundcube from 2013:<p><a href="https://www.intelligentexploit.com/view-details.html?id=16961" rel="nofollow">https://www.intelligentexploit.com/view-details.html?id=1696...</a><p>I still use RC despite the long history of XSS attacks against it. Luckily RC uses progressive enhancement, so it still works with JS turned off. I just assume emails can still execute JS in 2016? Perhaps it's wrong of me to use RC with JS turned off as a preventative measure, but you have to adore that user interface! It's the only reason I choose RC over other self-hosted email web apps (and there are few to choose from in this space). I like the simplicity of Squirrel-mail, but Roundcube looks and feels too good <i>not</i> to use.
ha i remember long time ago chasing for the perfect webmail system.. before gmail of course.
Horde,Roundcube, squirrel god... I've never found the perfect one!
nice, I use Roundcube a lot for new clients looking to set up their email for the first time. Glad to support this project, and really stoked it has PGP.
Nice.<p>But I prefer Afterlogic
<a href="http://www.afterlogic.com/" rel="nofollow">http://www.afterlogic.com/</a><p>Wish I was open source/freeware