Yahoo To Add PGP Encryption For Email

Bismillah (993337) writes Yahoo is working on an easy to use PGP interface for webmail, the company's chief information security officer Alex Stamos said at Black Hat 2014. This could lead to some interesting standoffs with governments and law enforcement wanting to read people's messages. From the article: "'We are working to design a key server architecture that allows for automatic discovery of public keys within Yahoo.com and other participating mail providers and to integrate encryption into the normal mail flow,' Stamos said."

Where is the private key stored?

[Henriok]

Where is the private key stored? These are web mail services and if that's going to be easy to use, the key must travel with the user, and how is that going to work securely? Or are they going to store people's private keys on their own servers? If so, wouldn't that almost completely defy the purpose? If intelligence agencies or more usual evil does have access to the mail servers, or user accounts wouldn't they also have pretty much access to the key store servers too? Could someone with more knowledge into how this might work please sort this out for me.