On Wed, Sep 25, 2013 at 10:15:29PM +0100, Mohamed Akram Tabka wrote:
> Hi all,
> I'm thinking about developing an OTR addon for handling OTR
> discussions on web browsers. Is it really secure?
> Do browser extensions for crypto operations really pose threats to
> users' security?
> 
> If it is not recommended to develop crypto addons for browsers please
> tell me.
> 
> All bests,
> A.

One of the trickiest bits is in ensuring that when the user types
plaintext, it goes *straight* into the plugin, and no (for example)
JavaScript on a web page can intercept that plaintext.

Here's an example of the problem:
https://tails.boum.org/doc/encryption_and_privacy/FireGPG_susceptible_to_devastating_attacks/

So at the very least, the plugin would have to have chrome (a specially
decorated type of input window, perhaps?) that is unforgeable by web
content.

   - Ian
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
