Hi Fabio, > I'd be pleased to help with twittering on that topic.
Very well - I've sent you an IM. > Definitively that's a nice idea, we have a lots of knowledge sitting in our > email client mailboxes. It maybe also nice to have someone doing some > volunteering to hacks and patch email archives (i can upload all that i have > to a dedicated imap account) so that we can have indexed all the knowledge on > OpenPGP.js generated till know. Thank you for the offer. Two questions: 1. Which sustainable provider should we use? Maybe Google Groups? A Google account is not needed to join. 2. Conventional mailing lists in general and mailman in particular feel some sort of out dated. Are there better alternatives nowadays? > Yeah, i means, we all know that the Javascript Encryption / Web Encryption > topic is an "hot-topic" capable of stimulating the most > senior-crypto-trolling . Btw: we should distinguish between JavaScript (e.g. node.js) and Web (browser) encryption ;) > Because now there are many projects that are starting using OpenPGP.js Who exactly? > As OpenPGP.js group, i think we should try to provide a short assessment > (like a table with bullet point to be flagged and/or described) to evaluate > the "Security and Threat Model" of applications incorporating OpenPGP.js. ... > So it maybe very interesting to try to make such a syntetic table/summary > with which analyze existing applications using OpenPGP.js and keep maintained > this syntetic threat-model-analysis of application's using it. I assume you've already something specific in mind. Could you start with it? Maybe at https://github.com/openpgpjs/openpgpjs/wiki > Because we all know that, depending on how we use OpenPGP.js, how the > application is delivered to the end-user (via web, as a plugin, as server > app, as a desktop app) and how the encryption keys are delivered/selected (by > the application itself, by looking up directly on key server, by a third > party service, embedded within the app?) VERY different threat model will > apply. True. Best regards, Alex
