Secret key syncing should be optional and turned off by default

[CR0CKER]

It seems I can't prevent my secret key to be uploaded to my IMAP server. Would be good if there was a way to disable that.

[Atera]

Completely agree. Being unable to ensure that your secret key does not get uploaded to a remove server is absolutely essential. If I am forced to upload my private key to Whiteout for safekeeping and trust them with it in order to use their product I would consider that a sufficiently problematic security issue that would bar be from using Whiteout. Just a simple checkbox during signup and later on in some configuration screen to turn off synchronization and to prevent private key sharing would be sufficient, but as it stands now, I am unwilling to use Whiteout with my real private keys.

[felixhammerl]

the key synchronization is a cornerstone of whiteout mail. if you have doubts about the protocol, feel free to collaborate with us on the RFC draft for secret key sync. https://github.com/whiteout-io/mail-html5/wiki/Secure-OpenPGP-Key-Pair-Synchronization-via-IMAP