On 2011-10-10, Fabio Pietrosanti (naif) <li...@infosecurity.ch> wrote: > is anyone evaluating whenever to include PGP encryption support into the > default Tor Browser Bundle as a Firefox extension?
No. > I looked at the implementation and: > > * FireGPG it's discontinued http://getfiregpg.org/s/install > It also seems it was using a "bad design" practice for the IPC > communications between various modules. > > * NPAPI based GPG is just released (by old FirePGP contributor) > https://github.com/kylehuff/webpg-npapi > > Having a support for GPG encryption into a generic browser, with PGP > operations usable from Javascript/XUL, could open a lot of improvements > and opportunities to secure Webmail and other web applications. No. See https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ , but beware -- I'm sure katmagic and I missed a few dozen attacks. > At http://globaleaks.org we'll most probably need such kind of support > into the browser and we're wondering if this could accomodate a standard > "requirement" of the Tor Project for the Tor Browser Bundle. No. > It would be also possible to easily make very simple "XUL" interfaces to > handle basic PGP based file encryption operations, de-facto bundling a > GPG client (with a Browser UI) into the TorBrowserBundle. This sounds reasonable, except for the parts about the XUL interface and the browser-based UI. It also sounds rather like GPG4Win, except for those parts. > What do you think about it? No. > We're going to make some experiment in trying to build > https://gitweb.torproject.org/torbrowser.git + GPG + > https://github.com/kylehuff/webpg-npapi . Ugh. Robert Ransom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk