I personally wish this: https://casecurity.org/2013/08/28/public-key-pinning/ http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11
was working now. -tim On 3/25/14, Dr. M. Weihrauch <[email protected]> wrote: > Dear OpenPGP.js community: > > We wanted to develop a simple plugin to encrypt the traffic between > browser and server for all those websites, which don't use SSL for any > reason (no money, no webspace that supports SSL certificates). We > developed "NoSSL", which uses RSA/AES. Actually, we always wanted to use > OpenPGP, but there was no working counterpart in PHP, so we decided for > the first version for something that we built ourselves. > Once there is more for OpenPGP, we will switch to your great software > (as it is better standardized). > > The software NoSSL is open-source and free for non-commercial use. We > started an Indiegogo campaign to collect some funding to leverage the > prototype to a fully working software (maybe that could also be > something for OpenPGP.js in the future?): > https://www.indiegogo.com/projects/nossl-security-for-your-website/x/6399437 > > For all the crypto-experts among you: yes, we know that it is currently > not safe against a man-in-the-middle attack, but a) we claim that NoSSL > is better than not using any protection at all and b) like you we also > believe in the future developments for JavaScript (plugins, Node.js) and > browsers, which will help us to overcome these current obstacles. > > We would be interested in your opinions. > > Best regards > > Martin > Smart In Media > > _______________________________________________ > > http://openpgpjs.org > Subscribe/unsubscribe: http://list.openpgpjs.org > _______________________________________________ http://openpgpjs.org Subscribe/unsubscribe: http://list.openpgpjs.org
