On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret <[email protected]> wrote:
> The fact that to use PGP you have to install an application. (This is
> true for Peerio as well.) That turns out to be too much friction for most
> people. Whenever you have to install an application you have to decide
> whether or not you trust the application, and most people have no basis for
> making that assessment.

Why should anyone trust your web page? Do you expect people to audit the source code every time they use it? If they don't, perhaps you made a change which exfiltrates the plaintext to your personal server. Perhaps you targeted a single person, and everyone else sees the "real version".

This is why web pages aren't trustworthy for cryptographic purposes. I wrote a blog post on this topic:

http://tonyarcieri.com/whats-wrong-with-webcrypto

--
Tony Arcieri
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
