On Tue, Jul 29, 2014 at 6:53 AM, Lodewijk andré de la porte
wrote:
>
> JavaScript cryptography is possible, there are usecases, and it is
> *definitely* *not *"considered harmful" by default.
>
By default you aren't using HTTPS, HSTS, and CSP. Without these things,
doing cryptography in a web pag
On Sat, Jul 26, 2014 at 2:57 PM, Theodore Ts'o wrote:
> On Sat, Jul 26, 2014 at 05:03:46PM +0200, Lodewijk andré de la porte wrote:
>>
>> "WHAT'S THE "CHICKEN-EGG PROBLEM" WITH DELIVERING JAVASCRIPT CRYPTOGRAPHY?
> Somebody, please, give me something to say against people that claim JS
> client s
On 26/07/2014 16:03 pm, Lodewijk andré de la porte wrote:
> http://matasano.com/articles/javascript-cryptography/
...
> Somebody, please, give me something to say against people that claim JS
> client side crypto can just never work!
It's like opportunistic security; it's the best you get in a c