Thanks for this, Steve, it's a rare breath of fresh air to see someone respond firmly, critically, yet also collegially.
+1 for gnomish anti-troll behavior!

B

On Mon, Mar 25, 2013 at 10:20 AM, Steve Weis <stevew...@gmail.com> wrote:

> Hi Yiorgis. The "ways of asserting the authenticity of served
> [JavaScript]" always reduce to trusted code executing on the client. You
> need to trust whatever is authenticating the served application. You can't
> get around it.
>
> This approach always ends up with either trusting the service or running
> client-side code. The former is a perfectly fine business model and the
> standard for almost all web apps, but you can't make the claim that "the
> government and our staff cannot access your data". It's simply not true,
> and not just because there might be incidental bugs you're working on
> fixing. It's fundamentally untrue.
>
> I appreciate the challenge you are trying to tackle and understand that
> delivering client-side code across all browsers and platforms is a
> non-starter for an early startup. If it were an easy problem, we wouldn't
> be having this discussion. I wish you luck in solving it.
>
> On Sun, Mar 24, 2013 at 3:08 AM, Yiorgis Gozadinos <ggo...@crypho.com> wrote:
>
>> On the technical side, like I said, we will try to address the issue of
>> trusted js by implementing apps as well as explore ways of asserting the
>> authenticity of served js. Open-sourcing the client code will certainly
>> help in auditing. There are other things we put in place to help, CSP,
>> Strict-Transport-Security and X-Frame-Options headers for example or a
>> proper SSL setup.
>> These cannot guarantee of course that we haven't overseen things, but
>> our hope is that gradually we can build trust on our app.
>>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley