On 13-12-12 10:44:18, ad...@pgpkey.org, wrote 0.8K characters saying:
Simple, we're using client side encryption, you can review the
javascript code in your browser. The server/service receives encrypted
messages and send it to the receiver. The server/service can't decrypt your
message, it's PGP.
I think that what Gabor meant was that *maybe* a client will check the source
code *once*, but not always! With time, you don't continue to do the same
annoying tasks (aka. checking that the source code is the same), and you forget.
A lambda person won't check the code, and then, the NXA (or another third
party), can alter with the code, and do a simple MITM. Everybody will fall in
the trap.
IMHO, I think your service, as good as it may seem, is a false-good idea.
Cheers,
Frank
"Kiss Gabor (Bitman)" <ki...@ssg.ki.iif.hu>:
Why?
How an innocent bystander could be sure that (s)he will use
the _same_ code when sending mail via your service?
If I worked to the No Such Agency I'd probably do this trick. :-)
g
--
frank.villaro-dixon.eu - PGP: 6F36914A
Envie d'électricité 100% verte ? Enercoop.fr
What is a Velomobile ? www.sans-essence.eu
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
