Hi Thomas, Great to here that. This is basically the core reason why the OpenPGP.js project was initiated. Very good that we all share the same basic idea...
Best regards, Alex -- Sent from my mobile phone, please excuse my brevity On Sunday, 19. August 2012 at 12:09, Thomas Oberndörfer wrote: > I'm also currently working on a chrome extension. My main focus is to provide > a generic solution that is not bound to one specific webmailer. > The OpenPGP functionality should be integrated into the webmailer UI (so no > separate tab solution) and work for as many providers as possible. > I do this by scanning the page for the PGP header and then injecting an > overlay that is placed on top of the PGP text. > > It's already quite ready to release, so I hope this can be done next week. > > I also see that current PGP solutions on the desktop will only attract > specific users. So the question that I had when I started this project was: > how can I reach the average user? What can be done to improve usability? > > My assumption is that for the majority of users webmailer offer the best > solution (on the desktop). It looks like it's a trend that has a growing > impact: > stop of active development on Mozilla Thunderbird was already mentioned and I > also was quite impressed when I saw what Microsoft is offering with > outlook.com (http://outlook.com). > > That means: let's build generic OpenPGP browser plugins for all the browsers > out there and we reach maximum amount of users. > The bad news is: there is mobile with native apps. Here I see the gaia email > app brought up by Tankred interesting: if this could be > the basis for a mobile email client that runs on all platforms this would > fill a gap. > > @Sean: thanks for creating the roadmap. BTW for the versioning I would also > prefer a classical x.x.x scheme. Maybe that can be worked on once > the roadmap is more clear. > > Thomas > > > 2012/8/13 Tankred Hase <[email protected] (mailto:[email protected])> > > I wasnt trying to suggest that you or anyone do this work. Sorry if it came > > across like that. I was mearly trying to get your technical opinion on such > > an email app, since you had already done the gmail extention. > > One of the painpoints I see with PGP on the desktop is getting everything > > installed and configured is probably too much for the average user. What > > struck me when I saw imap client implemtation in js, is that one could take > > this and bundle it with openpgp.js into a simple to use preconfiged email > > app. > > The point with the seperate namespace is interesting though. Thanks. > > Tankred > > Am 13.08.2012 06:11 schrieb "Sean Colyer" <[email protected] > > (mailto:[email protected])>: > > > I hadn't seen that work, but it does look interesting. I'm not quite sure > > > what work you were envisioning I, or the openpgp.js team, would help with > > > this project. I think the most likely path would be to just make > > > openpgp.js work with Firefox (when it's ready) and allow gaia to craft an > > > implementation. > > > > > > For my intentions, the sandboxing is actually advantageous for security > > > of the extension because it means that the private key is stored in the > > > extension namespace rather than gmail's. > > > > > > I do not foresee myself extensively working on a direct implementation > > > with gaia, but perhaps I could help them get a start if that would be > > > helpful. > > > > > > Sean > > > > > > > > > On Sat, Aug 11, 2012 at 7:48 PM, Tankred Hase <[email protected] > > > (mailto:[email protected])> wrote: > > > > Hey Sean, > > > > I was wondering if you've seen the work Mozilla is currently doing on > > > > its Firefox OS email client. They are building an IMAP client in js, > > > > which is being optimized for syncing with gmail and yahoo mail. > > > > https://github.com/mozilla-b2g/gaia-email-libs-and-more > > > > Also David Dahl confirmed window.crypto.getRandomValues() is now > > > > implemented in gecko and is to be in "FF 17, maybe sooner". > > > > I dont know if you have been following crypto.cat (http://crypto.cat) > > > > in the last few days. They are going extention only in cryptocat 2, > > > > offering apps for chrome and mozilla WebRT and disallowing direct > > > > webusage over https. > > > > I have taken a look at your Chrome extention for Gmail. A complete > > > > signed installable email app could perhaps deal with some of the issues > > > > regarding sandboxing, code delivery and storing the private key in the > > > > gmail domain. What do you think? > > > > Tankred > > > > > > > > _______________________________________________ > > > > > > > > http://openpgpjs.org > > > > > > > > > > > > > _______________________________________________ > > > > > > http://openpgpjs.org > > > > > > > _______________________________________________ > > > > http://openpgpjs.org > > > > _______________________________________________ > > http://openpgpjs.org
