Maybe useful, a growing list of next generation secure email or email-like
communication clients here: https://github.com/OpenTechFund/secure-email
On Fri, Jul 18, 2014 at 3:59 PM, Lorenzo Franceschi-Bicchierai
lorenzo...@gmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey
On 07/19/14 11:13, carlo von lynX wrote:
On Fri, Jul 18, 2014 at 7:59 AM, Lorenzo Franceschi-Bicchierai
lorenzo...@gmail.com wrote:
I was wondering if it's time to make a list of not-so-good snakeoil
encryption services that have popped up after the Snowden revelations.
Let's look at the
You should stop using statements like you don't know what your are
doing, etc or I will reply the same way.
I am participating to different W3C lists like CSP, Webapps co and to
WebCrypto as a (not very active) member, so I know very well what's the
state of the art, surprisingly I don't see
Thanks for your comments, please see mine below.
Le 22/07/2014 03:40, coderman a écrit :
On Mon, Jul 21, 2014 at 5:52 PM, Aymeric Vitte vitteayme...@gmail.com wrote:
... including your focus on elementary mitm
issue, your arguments and judgement are so basic that I am wondering why I
am
Interesting thoughts, please see my comments below.
Le 22/07/2014 03:48, Seth David Schoen a écrit :
Aymeric Vitte writes:
You obviously don't know what you are talking about or just did not
get what I explained or just do not understand http versus https or
the contrary, or just do not
On Tue, Jul 22, 2014 at 4:47 AM, Aymeric Vitte vitteayme...@gmail.com
wrote:
Indeed extensions can be mitmed as easily as js code
Browser extensions are digitally signed by their authors, so no, they are
in no way as vulnerable to a MitM attack as JS served over plaintext HTTP:
Le 19/07/2014 11:13, carlo von lynX a écrit :
On Fri, Jul 18, 2014 at 7:59 AM, Lorenzo Franceschi-Bicchierai
lorenzo...@gmail.com wrote:
I was wondering if it's time to make a list of not-so-good snakeoil
encryption services that have popped up after the Snowden revelations.
Let's look at
On Mon, Jul 21, 2014 at 12:59 PM, Aymeric Vitte vitteayme...@gmail.com wrote:
Unlike obscure elefantesque open source code that you don't even know what
it becomes when it gets compiled, it's trivial to see what it is doing.
I suggest that you read about the process of just-in-time compilation,
I don't need to read that's exactly what I meant: you can trust a
compiled package only if you have compiled it yourself, and have
previously checked the complete code or have it audited, which is
unlikely for both in most of cases, but happens systematically with js
for the compilation phase,
On Mon, Jul 21, 2014 at 2:59 AM, Aymeric Vitte vitteayme...@gmail.com
wrote:
So Peersm is a monolithic js code app, monolithic so you don't load tons
of potentially insecure modules, it does not use neither rely on any
plugin/add-on, for always the same reason: you must be able to check
Please read again what I have written, your answer just extracts really
basic parts out of the context and does not take into account the whole
picture that I have explained, I already read the link you provided some
years ago, I recall it as trivial and/or too old statements
unfortunately
On Mon, Jul 21, 2014 at 12:59 PM, Aymeric Vitte vitteayme...@gmail.com
wrote:
Please read again what I have written, your answer just extracts really
basic parts out of the context and does not take into account the whole
picture that I have explained, I already read the link you provided
On Mon, Jul 21, 2014 at 5:52 PM, Aymeric Vitte vitteayme...@gmail.com
wrote:
You obviously don't know what you are talking about or just did not get
what I explained or just do not understand http versus https or the
contrary, or just do not understand the web, what's on client side
On Mon, Jul 21, 2014 at 5:52 PM, Aymeric Vitte vitteayme...@gmail.com wrote:
... including your focus on elementary mitm
issue, your arguments and judgement are so basic that I am wondering why I
am answering it, you should do some reading, and if you can trivially defeat
Peersm, then just
Aymeric Vitte writes:
You obviously don't know what you are talking about or just did not
get what I explained or just do not understand http versus https or
the contrary, or just do not understand the web, what's on client
side (browser) or on server side, or don't get that your extension
On Fri, Jul 18, 2014 at 7:59 AM, Lorenzo Franceschi-Bicchierai
lorenzo...@gmail.com wrote:
I was wondering if it's time to make a list of not-so-good snakeoil
encryption services that have popped up after the Snowden revelations.
Too much effort really. It's easier to document the technical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey guys,
After The New York Times video suggesting a few questionable services to
encrypt email (see here:
http://www.nytimes.com/video/technology/personaltech/10003002385/easily-encrypt-your-email.html?smid=tw-nytimes)
I was wondering if it's
I wouldn't use any of these. InfoEncrypt is especially bad. If a
product doesn't have a link to source code, doesn't have detailed
documentation, or relies on code running on their servers, then do not
expect privacy of your messages.
Somewhat relevant, I recently gave a talk about Crypto
18 matches
Mail list logo