Giorgio Maone wrote: > On 09/07/2014 01:41, Alasdair Young wrote: >> >> I'm not a fan of openpgp.js for a lot of reasons. >> http://tonyarcieri.com/whats-wrong-with-webcrypto explains why in a >> much better way than I ever could. > > I'm very new to this community and its mindset, so I know I've got a lot > to learn and I'm certainly missing something essential, but I fail to > understand how those (mostly valid) objections apply to our scenario, > since they are directed either against the webcrypto standardization > process or aganst cryptography performed in the context of a web page: > > 1. OpenPGP.js does not *depend* on webcrypto, even if it supports it > 2. We wouldn't run as web content, but as privileged code, with the same > powers and the same isolation as the browser itself (much like any > platform-native program, even if written in cross-platform JavaScript). > 3. We don't need to deal with private keys
Hey Giorgio! Thanks for clarifying that. Your reasoning sounds good to me, but I don't have the technical insight to validate everything that we are saying here. I added the idea to the blueprint (d5bc710) feel free to add more technical details. Still, I'd suggest not losing focus with that discussion now, and moving on to the initial implementation to verify SHA-256 and reconsider all that later on :) I created #7552 on our Redmine to track that project. Feel free to create yourself an account and assign that task to you. -- sajolida
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
