Thanks for your feedback.
Kristian Fiskerstrand <kristian.fiskerstr...@sumptuouscapital.com>:
Granted this whole discussion probably belongs somewhere else, but since we're first on the topic, let me chime in my two cents. First of all, any encryption done in a browser will at least have to be done in a browser extension that does not auto-update. One thing is whether one trusts a service today, but if tomorrow some completely different JS can be injected (or only injected based on e.g. IP address, or other identifiers for a specific user, which we have seen some cases of) then it can't be trusted.
Any idea how we can protect against this issue?
Second, key validation. Your friends (or friends of anyone using the service) would have to carry along a phone-book of fingerprints, key types and sizes for each recipient. Other than the short key ID I don't see anywhere where this website provides information useful for key verification procedures. Not even after encryption; what happens if there is a short keyid collision?
Good point, maybe we should go with email only.
and is there a way to verify the structure of the encrypted message before sending? (similar to gnupg's --list-packets)
This is possible; what information would you like to see after the encryption?
--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nil satis nisi optimum
Nothing but the best is good enough
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
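An added example, not part of the original thread or of the website's code: a Node.js packet lister in the spirit of the --list-packets check asked about above, which reports the 64-bit recipient key ID of each public-key encrypted session key packet and compares it against a verified fingerprint instead of the short key ID. It assumes a binary (de-armored) RFC 4880 message in a Buffer; the function names are hypothetical and the sample bytes are constructed, using the key ID taken from the fingerprint in the signature above.

```javascript
// Added example: minimal OpenPGP (RFC 4880) packet lister; names are illustrative.
const TAGS = { 1: 'pubkey-enc session key', 3: 'symkey-enc session key',
  8: 'compressed data', 9: 'encrypted data', 11: 'literal data',
  18: 'encrypted data + MDC' };

function listPackets(buf) {
  const out = [];
  let i = 0;
  while (i < buf.length) {
    const hdr = buf[i++];
    if (!(hdr & 0x80)) throw new Error('not an OpenPGP packet at offset ' + (i - 1));
    let tag, len;
    if (hdr & 0x40) {                        // new-format header
      tag = hdr & 0x3f;
      const o = buf[i++];
      if (o < 192) len = o;                  // one-octet length
      else if (o < 224) len = ((o - 192) << 8) + buf[i++] + 192;
      else if (o === 255) { len = buf.readUInt32BE(i); i += 4; }
      else throw new Error('partial or missing body length not handled in this example');
    } else {                                 // old-format header
      tag = (hdr >> 2) & 0x0f;
      const lt = hdr & 3;
      if (lt === 0) len = buf[i++];
      else if (lt === 1) { len = buf.readUInt16BE(i); i += 2; }
      else if (lt === 2) { len = buf.readUInt32BE(i); i += 4; }
      else len = buf.length - i;             // indeterminate: runs to end of data
    }
    if (!(i + len <= buf.length)) throw new Error('truncated packet, tag ' + tag);
    const body = buf.subarray(i, i + len);
    const pkt = { tag, name: TAGS[tag] || 'other', length: len };
    if (tag === 1 && len >= 10 && body[0] === 3) {   // v3 PKESK: version, key ID, algorithm
      pkt.keyId = body.subarray(1, 9).toString('hex').toUpperCase();
      pkt.algo = body[9];
    }
    out.push(pkt);
    i += len;
  }
  return out;
}

// For v4 keys the 64-bit key ID is the low-order 8 octets of the 20-octet fingerprint.
function keyIdMatchesFingerprint(keyId, fingerprint) {
  const fpr = fingerprint.replace(/\s+/g, '').toUpperCase();
  return fpr.length === 40 && keyId.length === 16 && fpr.endsWith(keyId.toUpperCase());
}

// Constructed sample: one PKESK packet (tag 1, RSA) followed by one tag 18 packet.
const SAMPLE = Buffer.from('c10d03' + '0b7f8b60e3edfae3' + '01aabbcc' + 'd20401deadbe', 'hex');
```

A key ID match only shows which key the message is addressed to; the fingerprint it is compared against still has to be verified out of band.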