On 13 December 2010 22:23, Joachim Schipper <joac...@joachimschipper.nl> wrote: > On Sun, Dec 12, 2010 at 09:11:16PM -0700, Travis King wrote: >> Joel Wiramu Pauling <j...@aenertia.net> wrote: >> > Marti Martinez <ma...@ece.arizona.edu> wrote: >> > > Ted Unangst <ted.unan...@gmail.com> wrote: >> > >> At some point you're going to realize that the javascript that >> > >> decrypts your mail has to come from someplace. >> > > >> > > A better alternative would be a PGP browser addon (...) >> > >> > [See] firegpg >> >> firegpg is the only way I can get friends and family to communicate >> with me securely. I don't even know what the interface looks like, but >> it does work (apparently). > > It's unmaintained. I would also be surprised if the server can't get at > your plaintext (e.g. with Javascript, or even Java/Flash). > > You may want to look at > http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/ and > the comments (in particular, my > http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/#comment-623 9). > > Summary: it doesn't work, and can't work unless you add a plugin with > *many* restrictions. > > B B B B B B B B Joachim > > -- > PotD: devel/ivy - dependency manager for Java > http://www.joachimschipper.nl/ >
Firegpg was basically just chrome extensions to local(read client) side gpg binaries. It wasn't insecure for the reasons you cite, the author just got sick of having to update it to work with gmail (it's initial target). It is still useful for easy access to gpg functions within firefox.
