-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Top-posting to retain context here...
I am not criticizing JavaScript -- I am advocating the segmentation of using JavaScript for encryption from JavaScript for everything. :-) If runtime JavaScript can be "contained" just for the encryption mechanism, then I will happily advocate for that. In fact, I am pretty much using it today in Thunderbird/Enigmail/OpenPGP, while using NoScript. Having said that, NoScript is not recommended for the masses, since it requires the user to make some very tough technical decisions which they may not know the answer to. - - ferg On 1/21/2014 6:53 PM, Fabio Pietrosanti (naif) wrote: > Il 1/22/14, 8:06 AM, Paul Ferguson ha scritto: >> >> While I do not disagree with you here, per se, I would like to >> point out that any client that gratuitously trusts JavaScript >> *or* HTML5 is also a client which allows the end user to be >> victimized by the most casual daily criminal campaigns. > > I just would like to argue that the delivery (download, > installation, upgrade) of an Chrome App is far more secure than an > native application with an executable installer, due to the trust > model of application store and the reduced risks of being > hijacked/infected during the download. > > That's not a website delivering you javascript code. > > That's an *application* that is built using Javascript/HTML5 like > if it was built using Objectice-C/C++ for iOS. > > No substancial difference. > > I'm really bored about the continuous critics against use of > Javascript for encryption purposes. > > HTML5/JS is in the the future of any application development, it's > the only eterogenous application development environment, the > browser is the home of the end-user. > > That's what we just need to accept, it already happened, it's > always that way. We just need to deal with that. > > -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and > Digital Human Rights http://logioshermes.org - > http://globaleaks.org - http://tor2web.org > > > - -- Paul Ferguson 'Get off my lawn!' PGP Public Key ID: 0x54DC85B2 - -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLfNY8ACgkQKJasdVTchbJImAD+N/wSDGbF5EDLzd24ezmKzmvk OH+vvMYW5MB9RrkgFGsBAI0yGNo0AXOptFoBPolU1UAbw07iDRxFudiNjLHeV7R7 =o02C -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.