On Wed, 27 Jun 2012, Ian Goldberg wrote:
Lots of people have considered that, but there's a major obstacle: how do you know the libotr plugin is actually being used, and it's not just sending plaintext to GTalk? As far as I know, there's no "secure chrome" mechanism extensions can use to confirm to the user that the text is being typed directly to the extension, and that other javascript running on the same page can't intercept the keystrokes.
I think similarly, cryptocat is trying to do this, but with homebrow crypto on top.... https://crypto.cat/ One of their dev's has talked about otr, so i think they are aware of it. There is definitely a need for something that can be reasonably downloaded and trusted on an unknown (internet cafe) machine, but as Ian said, it's problematic. Paul _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
