[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Mon, 10 Oct 2011 07:44:19 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Oct 2011 03:44:32 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Efp63R/0XEobPtbJWl7AvRTrxQfYqihwZsVz5axZQyk=; b=l18/x1F/oNW/eBS+I/bEEmltQIPbJpDWfmVTI6aSxxv8zEePHCFL9kG9W8B9wIQMNo qEAxCv2KunAlZjdny6oHia70CIj83d++fQRwh5/hCyU+Cgrwq00VWskIO5IlKctEXlVz X8Zoar3cpduec8aIaAAaA2kfmSl3sFAZNxPsc=
In-reply-to: <4E928CA2.9000702@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4E928CA2.9000702@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 2011-10-10, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:
> is anyone evaluating whenever to include PGP encryption support into the
> default Tor Browser Bundle as a Firefox extension?

No.

> I looked at the implementation and:
>
> * FireGPG it's discontinued http://getfiregpg.org/s/install
>   It also seems it was using a "bad design" practice for the IPC
> communications between various modules.
>
> * NPAPI based GPG is just released (by old FirePGP contributor)
>   https://github.com/kylehuff/webpg-npapi
>
> Having a support for GPG encryption into a generic browser, with PGP
> operations usable from Javascript/XUL, could open a lot of improvements
> and opportunities to secure Webmail and other web applications.

No.  See https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ , but
beware -- I'm sure katmagic and I missed a few dozen attacks.

> At http://globaleaks.org we'll most probably need such kind of support
> into the browser and we're wondering if this could accomodate a standard
> "requirement" of the Tor Project for the Tor Browser Bundle.

No.

> It would be also possible to easily make very simple "XUL" interfaces to
> handle basic PGP based file encryption operations, de-facto bundling a
> GPG client (with a Browser UI) into the TorBrowserBundle.

This sounds reasonable, except for the parts about the XUL interface
and the browser-based UI.  It also sounds rather like GPG4Win, except
for those parts.

> What do you think about it?

No.

> We're going to make some experiment in trying to build
> https://gitweb.torproject.org/torbrowser.git + GPG +
> https://github.com/kylehuff/webpg-npapi .

Ugh.


Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?
  - From: Arturo Filastò
- Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?
  - From: Joe Btfsplk

References:
- [tor-talk] Tor Browser Bundle: PGP encryption built-in?
  - From: Fabio Pietrosanti (naif)

Prev by Author: Re: [tor-talk] observation: Browser bundle & secure files deletion
Next by Author: Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?
Previous by thread: [tor-talk] Tor Browser Bundle: PGP encryption built-in?
Next by thread: Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?
Index(es):
- Author
- Thread