Who are the intended targets of this service?
Non-PGP users.
You can't control the senders environment, maybe an old windows box
with keystroke logging, backdoors, etc. It's not my intention to be
the MITM. Yes it's a matter of trust.
Best
Jan
Gabor Kiss <ki...@ssg.ki.iif.hu>:
> Simple, we're using client side encryption, you can review the javascript
> code in your browser. The server/service receives encrypted messages and
> send it to the receiver. The server/service can't decrypt your
message, it's
> PGP.
I think that what Gabor meant was that *maybe* a client will check
the source
code *once*, but not always! With time, you don't continue to do the same
annoying tasks (aka. checking that the source code is the same), and you
forget.
A lambda person won't check the code, and then, the NXA (or another third
party), can alter with the code, and do a simple MITM. Everybody
will fall in
the trap.
Yeah.
Who are the intended targets of this service?
Peoples who cannot install (,stricly check) and run a gpg program
on their own computers. Who cannot run a command line program.
Whose only cabability is moving mouse. (So called one armed lawyers. :)
I'm pretty sure that most of them is unable to audit any JS, Ruby or C code.
Gabor
--
Wenn ist das Nunstück git und Slotermeyer?
Ja! ... Beiherhund das Oder die Flipperwaldt gersput.
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
