Ali-Reza Anghaie writes:
> Looks like voices were heard - and other work was done -
>
> http://www.mailvelope.com/blog/security-audit-and-v0.6-release
I appreciate this work that has been done, but from what I understand
mailvelope suffers from a major problem: it cannot handle PGP/MIME
messages
PM, Eugen Leitl wrote:
> > - Forwarded message from StealthMonger
> -
> >
> > From: StealthMonger
> > Date: Wed, 12 Dec 2012 23:22:28 + (GMT)
> > To: liberationtech
> > Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
> > R
On Mon, Dec 17, 2012 at 5:28 PM, Thomas Oberndörfer wrote:
> Does the whole situation regarding mass surveillance of email traffic
> improve, zero effect, gets worse?
>
This question gets bounced around regularly - and there will likely never
be reasonable agreement. The explicit position of secu
s).
Does the whole situation regarding mass surveillance of email traffic
improve, zero effect, gets worse?
I am thankful for all insights about this question.
Thomas
> Original Message
> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
> Date: Mon
en Leitl wrote:
> - Forwarded message from StealthMonger
> -
>
> From: StealthMonger
> Date: Wed, 12 Dec 2012 23:22:28 + (GMT)
> To: liberationtech
> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
> Reply-To: liberationtech
>
> --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/11/2012 05:29 AM, Hannes Mehnert wrote:
>
> I'm interested whether there is any comparison (code-base wise or
> feature wise) with the (unfortunately discontinued) FireGPG
> (http://getfiregpg.org)
>
*** WebPG was created after FireGPG was
Uncle Zzzen
>> Date: Wed, 12 Dec 2012 12:38:40 +0700
>> To: liberationtech
>> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
>> Reply-To: liberationtech
>>
>> The reason why FireGPG no longer ships with tails is that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uncle Zzzen writes:
> [Weighty argument compelling closer study.]
So unless and until the Mailvelope author(s) remedy this, support for
Mailvelope has to be muted.
However, comparison with Cryptocat is still unfitting because
Cryptocat does not eve
le Zzzen -
>
> From: Uncle Zzzen
> Date: Wed, 12 Dec 2012 12:38:40 +0700
> To: liberationtech
> Subject: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail
> Reply-To: liberationtech
>
> The reason why FireGPG no longer ships with tails is that the DOM of a w
You just jogged my memory w/ the clipboard bit..
http://safegmail.com/
Another project in the mix. -Ali
On Wed, Dec 12, 2012 at 12:38 AM, Uncle Zzzen wrote:
> The reason why FireGPG no longer ships with tails is that the DOM of a web
> app is not a safe place for plaintext
>
> https://tails.
The reason why FireGPG no longer ships with tails is that the DOM of a web
app is not a safe place for plaintext
https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/
Any architecture where plaintext is stored inside a web app's DOM is
dangerous. Especially a
Cryptocat is a local browser plugin served over SSL, installed locally,
loads/executes no external code, and communicates only via SSL. It does not
rely on server integrity with regards to these parameters.
Regarding Mailvelope — does its operation depend on the Gmail DOM? What happens
if the G
On Mon, Dec 10, 2012 at 10:07:23PM +, StealthMonger wrote:
> "Fabio Pietrosanti (naif)" writes:
> > for whose who has still not see that project, i wanted to send a notice
> > about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
>
> > It's a client-side, plug-in based (
I'm not finding a lot of information since the end of ~last year~ on the
status of OpenPGP.js checks. Perhaps an inquiry on their mailing list is in
order - I didn't see archives. I would guess Mailvelope uses whatever
keystore options OpenPGP.js offers which as of now (as near as I can tell)
doesn
I would claim that the expected behaviour would be to use any available
keystore by default, or alternatively (if none is found) to install its
own in a "default" location. On *nix, this is usually ~/.gnupg, and if
GPG4Win is "widely" used on windows, I would expect one such keystore to
be impleme
hi
> I'm interested whether there is any comparison (code-base wise or
> feature wise) with the (unfortunately discontinued) FireGPG
> (http://getfiregpg.org)
pigeonpg (which is part of mailvelope) contains code from firegpg - look
like some recycling took place :)
malte
--
Unsubscribe, change
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA384
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA384
Hi,
On 10/12/2012 20:42, Fabio Pietrosanti (naif) wrote:
> for whose who has still not see that project, i wanted to send a
> notice about MailVelope, OpenPGP encryption for webmail:
> http://www.
>
>
> This (could finally be) email encryption done right: encryption is
> performed on the user's browser, so that the server storing the
> communication never sees the contents of the message.
>
> However, after installing it on Chrome, I have a few concerns:
>
> [snip]
One concern that may be w
"1. Mailvelope appears to use its own keystore (at least on Windows), and
not the
GPG keystore. Specifically, it doesn't use the GPG4Win keystore, which
is
the one I'd expect it to use."
In some ways this is great: it means novice users don't have to worry about
getting GPG4Win or any other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
"Fabio Pietrosanti (naif)" writes:
> for whose who has still not see that project, i wanted to send a notice
> about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
> It's a client-side, plug-in based (similar to CryptoCat), Op
On Mon, Dec 10, 2012 at 1:42 PM, Fabio Pietrosanti (naif)
wrote:
> Hi all,
>
> for whose who has still not see that project, i wanted to send a notice
> about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
>
> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP
Hi all,
for whose who has still not see that project, i wanted to send a notice
about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
It's a client-side, plug-in based (similar to CryptoCat), OpenPGP email
encryption plugin available for Chrome and Firefox.
Source code is a
22 matches
Mail list logo
