Hi guys,

happy new year to you guys as well. I couldn't agree more with the points made. It's nice to see the mailing list becoming active again.

Concerning the threat model discussion. The whole crypto.cat discussion on Twitter about plugin/web-delivery was quite interesting. The main takeaway for me was that delivering the JS-crypto/app code via a signed installable package seems to be an acceptable compromise for a lot of people. There are still of course issues such as XSS and code injection, but Content Security Policy (which is used by default in Chrome manifest version 2 now) seems to address some of these issues.

What are your thoughts on this... is JS crypto ready for production purposes? Or are there still risks that we can't manage/understand yet?

Tankred

2013/1/9 Alex (via OpenPGP.js) <[email protected]>:
> Hi Erik,
>
> Thank you for the answer.
>
>> I work in a project where we are using OpenPGP.js in a production
>> environment. We however use it to encrypt larger files which forced us to
>> make a few changes.
>
> Would love to read more about this.
>
>> If you guys want to use our logo on the OpenPGP.js site we can probably
>> arrange that as well.
>
> Yes!
>
>> If you guys are interested we would like to commit this back to the project
>> for others to use.
> ...
>> Would these changes be of interest to the project?
>
> Definitely! I think it would be extremely helpful to have a short benchmark
> before and after your changes that we can publish.
>
> Best regards, Alex
>
> On 08.01.2013, at 18:33, Erik Larsson <[email protected]> wrote:
>
>> Hi,
>>
>> I've been on this mailing list for a while without writing. I work in a
>> project where we are using OpenPGP.js in a production environment. We
>> however use it to encrypt larger files which forced us to make a few
>> changes. The major one being to support blobs when decrypting/encrypting
>> data. We had to do this since we are likely to operate on files > 100 mb and
>> it was just not possible to pass around a string with that size.
>>
>> If you guys are interested we would like to commit this back to the project
>> for others to use. Today I'm mostly reaching out to get the conversation
>> started. There's some work that has to be done on our part before merging so
>> I just wanted to touch base on what we've done. Right now we have added
>> prefixed functions when we deal with large files so rather than calling
>> write_packet we call write_packet_large and so forth. We did this mostly to
>> keep our changes separate from the original source. We are willing to change
>> this in whatever way fits the project guidelines better. There are some
>> additional changes that come to this but this would be the major one. Would
>> these changes be of interest to the project?
>>
>> If you guys want to use our logo on the OpenPGP.js site we can probably
>> arrange that as well.
>>
>> Best Regards
>> Erik
>>
>> On Jan 8, 2013, at 3:16 AM, Alex (via OpenPGP.js) <[email protected]> wrote:
>>
>>> Dear all,
>>>
>>> Happy New Year. I think it's time to give the OpenPGP.js project a bit more
>>> "love" in 2013. There are many items on the todo list - so let us address
>>> the first ones:
>>>
>>> 1. Marketing: Which projects are currently using OpenPGP.js? I would like
>>> to add links and logos to our web page. Also I just restarted to use the
>>> Twitter account http://twitter.com/openpgpjs to retweet and answer related
>>> posts. Anyone is welcome to join. Also I've created a new simple logo (see
>>> attached).
>>>
>>> 2. Developing: It should be very easy for users to integrate the library
>>> into their web pages and for developers to enhance the current version. I
>>> think we can improve the current situation. So we also might want to move
>>> this mailing list to another one with archive support (btw: is a mailing
>>> list still an adequate perfect medium?)
>>>
>>> 3. Security: There are a lot of discussions about the advantages and
>>> drawbacks of using a JavaScript based OpenPGP library (within browsers or
>>> not). We should write some sort of "summarized and syntetic" (@naif:
>>> thanks.)
>>>
>>> What should we address in 2013 from your point of view?
>>>
>>> Best regards, Alex
>>>
>>> --
>>> http://openpgpjs.org
>>>
>>> <icon_openpgpjs.png>

_______________________________________________
http://openpgpjs.org
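The message above notes that Content Security Policy is applied by default under Chrome manifest version 2. The following is an added example, not part of the thread and not OpenPGP.js code: a small audit that reports which script sources a packaged app's manifest allows beyond `'self'`. The function names, finding labels and sample manifest are assumptions made for illustration.

```javascript
// Added example, not OpenPGP.js code. Covers manifest_version 2 only,
// where content_security_policy is a single string.

// Policy Chrome applies when a version 2 manifest sets none.
const MV2_DEFAULT_CSP = "script-src 'self'; object-src 'self'";

// Parse a CSP string into a map of directive name -> list of sources.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Return findings (hypothetical labels) for the script sources of a
// parsed manifest.json object. An empty list means only 'self'/'none'.
function auditManifestCsp(manifest) {
  if (manifest.manifest_version !== 2) return ['not-manifest-v2'];
  const csp = parseCsp(manifest.content_security_policy || MV2_DEFAULT_CSP);
  // script-src falls back to default-src when it is absent.
  const sources = csp['script-src'] || csp['default-src'];
  if (!sources) return ['scripts-unrestricted'];
  const findings = [];
  for (const src of sources) {
    const s = src.toLowerCase();
    if (s === "'self'" || s === "'none'") continue;
    if (s === "'unsafe-inline'" || s === "'unsafe-eval'") findings.push(s.slice(1, -1));
    else if (s === '*' || s.startsWith('http:')) findings.push('insecure-source:' + src);
    else findings.push('non-self-source:' + src);
  }
  return findings;
}

// Constructed sample manifest that relaxes the default policy.
const sampleManifest = {
  manifest_version: 2,
  content_security_policy:
    "script-src 'self' 'unsafe-eval' https://cdn.example.com; object-src 'self'",
};
console.log(auditManifestCsp(sampleManifest));
```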

