[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Encrypt.to searching for beta users
|
From: |
admin |
|
Subject: |
Re: [Sks-devel] Encrypt.to searching for beta users |
|
Date: |
Tue, 10 Dec 2013 08:36:05 +0100 |
|
User-agent: |
Internet Messaging Program (IMP) H5 (6.1.6) |
Thanks for your feedback.
Kristian Fiskerstrand <address@hidden>:
Granted this whole discussion probably belongs somewhere else, but
since we're first on the topic, let me chime in my two cents.
First of all, any encryption done in a browser will at least have to
be done in a browser extension that does not auto-update. One thing is
whether one trusts a service today, but if tomorrow some completely
different JS can be injected (or only injected based on e.g. IP
address, or other identifiers for a specific user, which we have seen
some cases of) then it can't be trusted.
Any idea how we can protect this issue?
Second, key validation. Your friends (or friends of anyone using the
service) would have to carry along a phone-book of fingerprint, key
types and sizes for each recipient. Other than the short key ID I
don't see anywhere where this weebsite provide information useful for
key verification procedures.Not even after encryption; What happens if
there is a short keyid collission?
Good point, maybe we should go with email only.
and is there a way to verify the
structure of the encrypted message before sending? (similar to gnupg's
- --list-packets)
This is possible, what information do you like to see after the encryption?
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Nil satis nisi optimum
Nothing but the best is good enough
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJSpbu0AAoJEAt/i2Dj7frj/C8P/3Ee8u7rUiO6TluwkBSCuksf
jXBqMTPjYq+Z1OfBaolYnix9n779ADxk/E2OHdEbVGeoMUwwld2IQURVR3zWt4Mi
CVDx9kwNlbm9FoMOR31fKwh5gbiGx4icmt/dbOeuiD6MjQL4MZIkp0QYvB3POzoQ
fNGu0JdPcYFJ3V4NZxF+uuzqC4GcNaXcwNLJGPGeRUtVGZSDIo7uyRRTGOOkQtZS
ifj52cYRvWUa3EomtaZjzP6j+KspOtj3QLtta8QOFiRt/+Jc8LVdQ/by9ykuWOtQ
c3Kdcha5cigNzUIEvIneuYzKbXAnmZ7aFvoESx82QP5j3E+zgt7x+r3R3jYRy+qb
/Ks9TDDl9cqVpBQ/Lrb78ubtNINpA6HWnY8b+x391kK5oi1swMHakDabiWT+8LIP
rV2a3WDRCEiKUDpYZQZxtsUg4BTdw26TjRZ+ciEK8FiJQJAktltMu6Ou6NRcIKYA
Eyyg3jEGglay7gcb6DrAgqSYIbBlmRryM095XeqNtU25XkJeBoavEB2kRQtqxu8G
SEmjLc/J1inDBiBWTuor2/Wq/hEAa+YLBOfKOO5gD1n4S61sNYxoYI4382L8cDIO
f6wMzx19soFZ9BJXk1vwPJ96YBwaObKCOjcRcDjuQK97ZPu7++kT6q9fqiWsPQug
IgJGFzUqwOzN7P6ljzBm
=/Yr+
-----END PGP SIGNATURE-----
Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/09
Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/10
Re: [Sks-devel] Encrypt.to searching for beta users, John Clizbe, 2013/12/10
Re: [Sks-devel] Encrypt.to searching for beta users,
admin <=
Re: [Sks-devel] Encrypt.to searching for beta users, Lukas Martini, 2013/12/09