Hi! ~~~ On 12/07/2011 03:00 PM, Sean Colyer wrote: > Ok that makes sense. A couple of thoughts. > > I am also interested in the integration with webmail and want to work on > that, but I believe other members want to use it for other things (mobile, > etc). However, I suppose we could leave the "library" part in the src folder > and the extraneous stuff in other folders... > > I think the biggest difference between my vision of how webmail integration > should work and yours is I think that it should be as integrated in the > normal gmail experience as possible. I realize that this means it will be > harder to maintain (such as the recently upgraded front end), and other > issues such as draft uploading. However, I think the goal should be to make > it as seamless as possible for users to use with as few clicks and changes to > experience. I want OpenPGP to be more accessible to more people. > > prometheusx.net <http://prometheusx.net> has some screenshots that you can > check out of my kind of vision. Perhaps the plugin could attempt to > integrate with the front end and if the version has changed then resort to > use the compose/decrypt pages? >
I quickly reviewed your extension. It definitely is way more easy to use and we should follow that integration idea. GPG4Browsers is designed in a separate window with messaging through the background page due to security considerations. Gmail-crypt plugin runs as content scripts inserting HTML within the same window as gmail is running. Content Scripts are executed in another JavaScript but inserting decrypted content or composing message to be encrypted within the gmail interface is insecure because data will be visible within gmails javascript context. Gmail also stores drafts in the background so mails to be encrypted will be send to gmail before encryption. GPG4Browsers makes use of the "incognito" mode preventing screenshots from the separate tab and (not guaranteed) tab process separation. This is a more "paranoid" approach not letting the webmail provider know what has been encrypted or what the decrypted content is but i think thats the idea of end-to-end encryption. > I understand the RFC822 now. This seems similar to what I have mentioned > with a bit more maintenance but at the cost of ease of use? In my extension I > was doing a handful of string replaces for extra <div> and <br>'s introduced > by gmail... Yes, i did that first too. The problem is that gmail also inserts <wbr/> tags into the displayed message which a replacing one or many spaces. This makes it impossible to retrieve the original mail by replacing HTML insertions and signature verification of signed only messages fails. regards, carsten _______________________________________________ http://openpgpjs.org
