Re: [Sks-devel] Encrypt.to searching for beta users

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Encrypt.to searching for beta users

From:	admin
Subject:	Re: [Sks-devel] Encrypt.to searching for beta users
Date:	Tue, 10 Dec 2013 08:54:28 +0100
User-agent:	Internet Messaging Program (IMP) H5 (6.1.6)

Thanks John,


John Clizbe <address@hidden>:

Kristian Fiskerstrand wrote:

Granted this whole discussion probably belongs somewhere else, but
since we're first on the topic, let me chime in my two cents.

First of all, any encryption done in a browser will at least have to
be done in a browser extension that does not auto-update. One thing is
whether one trusts a service today, but if tomorrow some completely
different JS can be injected (or only injected based on e.g. IP
address, or other identifiers for a specific user, which we have seen
some cases of) then it can't be trusted.


BIG ACK

Second, key validation. Your friends (or friends of anyone using the
service) would have to carry along a phone-book of fingerprint, key
types and sizes for each recipient. Other than the short key ID I
don't see anywhere where this website provide information useful for
key verification procedures.Not even after encryption; What happens if
there is a short keyid collision? and is there a way to verify the
structure of the encrypted message before sending? (similar to gnupg's
--list-packets)


For example: https://encrypt.to/0xDEADBEEF comes to mind right away.

How does the code handle keys with multiple email addresses? Does itmail-bomb

them all?


Good point, we need to improve :)


NB: Those wishing to try the code and query their own keyserver need to be
running my latest trunk. The patch adding the header that OpenJS needs to be
able to query keyservers is still sitting in a pull request for Yaron.


Which patch do you mean?


-John

--
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] Encrypt.to searching for beta users, (continued)
- Re: [Sks-devel] Encrypt.to searching for beta users, Stephan Seitz, 2013/12/09
  - Re: [Sks-devel] Encrypt.to searching for beta users, Frank Villaro-Dixon, 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, Dmitry Yu Okunev (pks.mephi.ru), 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, PGP Key Admin, 2013/12/09
  - Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, Kristian Fiskerstrand, 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, John Clizbe, 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, Lukas Martini, 2013/12/09
    - Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/10
    - Re: [Sks-devel] Encrypt.to searching for beta users, admin <=
    - Re: [Sks-devel] Encrypt.to searching for beta users, John Clizbe, 2013/12/10
    - Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/10
- Re: [Sks-devel] Encrypt.to searching for beta users, Lukas Martini, 2013/12/09
  - Re: [Sks-devel] Encrypt.to searching for beta users, admin, 2013/12/10

Prev by Date: Re: [Sks-devel] Encrypt.to searching for beta users
Next by Date: Re: [Sks-devel] Encrypt.to searching for beta users
Previous by thread: Re: [Sks-devel] Encrypt.to searching for beta users
Next by thread: Re: [Sks-devel] Encrypt.to searching for beta users
Index(es):
- Date
- Thread