On 1/9/13 11:31 PM, Tankred Hase wrote:
> Hi guys,
>
> happy new year to you guys as well. I couldn't agree more with the
> points made. It's nice to see the mailing list becoming active
> again.
>
> Concerning the threat model discussion. The whole crypto.cat
> discussion on twitter about plugin/web-delivery was quite interesting.
> The main takeaway for me was that delivering the JS-crypto/app code
> via a signed installable package seems to be an acceptable compromise
> for a lot of people. There are still of course issues such as XSS and
> code injection, 
Yeah, content injection and XSS is a topic that may require some
dedicated research, especially on how to really seal the application's
integrity with respect to the content, especially when the content is
something complex like an email (which may contain links, attachments,
images, HTML encoding, etc.).

> but Content Security Policy (which is used by default
> in Chrome manifest version 2 now) seems to address some of these
> issues.
>
> What are your thoughts on this... is JS crypto ready for production
> purposes? Or are there still risks that we can't manage/understand
> yet?
It is always said by crypto experts that:
- it is not possible to prevent side-channel attacks
- random-crypto of good quality is not widely available
- there's not a single/unified way to manage long-term keys
- someone also said that timing attacks may be there due to different
JS VM implementations

The previous points would probably be handled only by the W3C
WebCrypto API, once it is standardized and then implemented, as the
browser will expose "Natively implemented Crypto" and the JS code will
not implement "Crypto Algorithms" (the primitives) but eventually
"Crypto Protocols" (higher-level crypto).

Additionally, a move that has been made on crypto.cat from the security
point of view is that there's a higher probability of phishing attacks
because:
  - "the interface to use the software"
  - "the interface to download/update the software"
  - "the interface to verify the integrity of the software"
are the same (the browser), and graphically all can be crafted by a web
page, much more easily tweaking the user than in a context like having
Thunderbird+GPG+Enigmail installed.

IMHO this requires some more research on how to provide some safety measures.

Anyhow, I think JS crypto must go on and continue, with new
applications and concepts, with such a growing ecosystem going on in
all directions.

-naif
_______________________________________________

http://openpgpjs.org