-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
what problem of traditional PGP implementations did you solve? * Looks like key exchange problem is still present (sent by mail) * Any key authentication? I don't see any verification or certification model. Regards Dominik On 04/17/2015 08:21 PM, stef wrote: > ohio, > > On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote: >> 1. It is a standalone web application. > > putting keys in the browser is like putting keys in front of a dmz. > browsers are not designed for this, they are designed for > delivering impressions and services to you. the security features > you find in any browser are there to secure the revenue-stream of > some companies, not for the protection of the interests of its > users. (same goes for phones), the tool might be good (haven't > checked), but the foundation it's built on is sand. you want to > isolate your keys, current end-host security does not provide much > protection against some malware in case recovery of your keys > becomes a priority. you also want to make sure the code running is > authentic, with js delivered over the net this is quite hard to do > verifiably (again, not your protection, industry revenues are the > thing to protect). > > cheers,s _______________________________________________ > cryptography mailing list cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQEcBAEBAgAGBQJVMVCNAAoJEHGMBwEAASKCdd0IAIP0zgu/GcT8V3RqjPGDqJ+K aoX2dneLwuPtYmCvoRRkv3iiCoc/XdefktJsF7bMKo4k1cnpq3+Y1mUa4kHG6PjK sBL5o0Jj9xKH3hTol18ownZB1oCZuKIsJB83+RdndjZdvdPqTl3mHldUkRWtyS6n sC7RM9THBHNRvBCWntYyolY0wsdpO61Aagq60joEeoQWM4Yb2l4hmLp10CTm6EJU 66SJoJkDR/VGCJHbFKUSHfJEsOPTyltbxUXR5hpvR+DpPPHO0l/e2uHzdQ3xLiKC jSi+GfQbCYoZIBc5Hzl0rmJjECP7Mg+LEts4aV66s3zpRjaDfe4Won1sUvFxU9M= =nwNR -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
