I recently found a discussion on a forum about trust in JavaScript code that is loaded from the network and purports to provide easy-to-use encryption of mail.
Agreed that here you ultimately have to trust the vendor of the code. The question I keep having since I'm using Qubes: is it possible anyway to have no need to trust the vendor?

Intro, required to understand the context: in those old times when IRC was the primary channel of communication within our team of a few geeks also interested in security, one of us made an encrypting proxy with dynamic key exchange. From the outside it looks like this:

1) There is an IRC channel, a known place to meet and talk w/o encryption.
2) Once two people need to use secure communication, they agree on this (usually then opening a private two-person chat in a separate window). Each of the two clicks a button <enter encrypted mode>.

The software uses an encrypting proxy model and handles the dynamic key creation/exchange and the encryption/decryption phase, encrypting/decrypting the talk on the fly. The conversation, if used on the public channel, looks like a dump of an ASCII-armored encrypted file: just a flow of strings that a third party cannot easily decrypt. So it was a proxy for encryption and dynamic key exchange. The basic idea is that only the proxy has a clue about encryption and key exchange. The client uses a simple text protocol and all encryption is seamless: you don't have to change the software itself.

Well, what if we try a similar idea when organising secure communications using two Qubes PCs with different VMs? The requirement is to have at least one VM in Qubes, installed as usual, that never operates on unencrypted data after entering "transparent encryption of data". Is it possible at all?

The main problem is that when we want to make seamless encryption via a proxy, the protocol has to be easily separated into data and control sequences. I.e. we can connect, as a keyboard, "a resulting flow of encryption made in another VM", but the software running inside such a VM will interpret some of that input as a control sequence and, for example, react to the data as if to a special key press.
If I get as a proxy into another VM, I have to read and answer on that VM also. Any comments?

--
Bye. Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/