Here is another reason for putting serious thought in to local key storage. http://nzkoz.github.io/MegaPWN/
Basically any service using localstorage to store keys used say with javascript based crypto could have the private key exposed to the service provider (turing the users secure from asymmetric into symmetric). On Monday, July 22, 2013 10:10:29 PM UTC+2, Kd M wrote: > There is a wide open space for improving privacy and security on the > internet. Little to nothing has changed since 1992 when Steve jobs demoed > email encryption (http://youtu.be/7mgG4a591zQ?t=59m38s). The world changed > though and many people use webmail these days. This is a space where Mozilla > could take upon itself to set standards by introducing the means to securely > generate and store key pairs, exposing this through API's for extensions or > rolling one that is actually usable and integrated for all. > > > > It would be pertinent to look ahead and support the design of distributed DNS > systems. This can not be done with extensions. In 1990 in response to > concerns from the EU that ICANN may permit the USG to abuse DNS for national > reasons they responded saying they would only ever ensure the functionality > of the internet. 3 years ago they were responsible for helping DHS take down > URLs that linked to content or were political in nature. So supporting > distributed DNS is the right thing to do to protect the neutrality of the > internet in the future. > > > > Finally, and this i guess is the hardest sell, Mozilla should use duckduckgo > by default. > > > > This may sound all political in nature but only if you already divested from > the idea that political neutrality is important to the internet. These ideas > help save that neutrality and protect the definition of privacy those of us > that grew up with the internet have come to understand. > > > > If none of these are things Mozilla is able to do I would be happy to join a > fork or hear from developers interesting in building a truly privacy > conscious, while still usable, browser. _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
