[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?



On 10/10/11 9:44 AM, Robert Ransom wrote:
> On 2011-10-10, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:
>> is anyone evaluating whenever to include PGP encryption support into the
>> default Tor Browser Bundle as a Firefox extension?
> No.
>
I actually think it would be a great idea to include PGP encryption
support into the browser.
I remember discussing this with Jake some time ago of maybe in the
future having a bundle for Thunderbird and enigmail. I don't see why it
it a bad idea to move one step closer into that direction by including
PGP in the TBB.


>> I looked at the implementation and:
>>
>> * FireGPG it's discontinued http://getfiregpg.org/s/install
>>   It also seems it was using a "bad design" practice for the IPC
>> communications between various modules.
>>
>> * NPAPI based GPG is just released (by old FirePGP contributor)
>>   https://github.com/kylehuff/webpg-npapi
>>
>> Having a support for GPG encryption into a generic browser, with PGP
>> operations usable from Javascript/XUL, could open a lot of improvements
>> and opportunities to secure Webmail and other web applications.
> No.  See https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ , but
> beware -- I'm sure katmagic and I missed a few dozen attacks.
>
Well that attack proposed there is pretty basic, I really think this is
a useful idea and it should not be discarded with no thought.

>> At http://globaleaks.org we'll most probably need such kind of support
>> into the browser and we're wondering if this could accomodate a standard
>> "requirement" of the Tor Project for the Tor Browser Bundle.
> No.
>
I must also here disagree, but I think I am a bit biased .

Anyways as I said, it would be of great use for people to be able to
user PGP built into the browser, at least for sending encrypted email.

It should not be implemented in a rush, but the gain that can be drawn
from such a feature is not slim.

Instead of having people download and install complicated software to
send me and an encrypted message I can point them to the TBB and they
are all set. Not at all a badi dea.

>> It would be also possible to easily make very simple "XUL" interfaces to
>> handle basic PGP based file encryption operations, de-facto bundling a
>> GPG client (with a Browser UI) into the TorBrowserBundle.
> This sounds reasonable, except for the parts about the XUL interface
> and the browser-based UI.  It also sounds rather like GPG4Win, except
> for those parts.
>
>> What do you think about it?
> No.
>
Robert, why do you have to be so negative?


>> We're going to make some experiment in trying to build
>> https://gitweb.torproject.org/torbrowser.git + GPG +
>> https://github.com/kylehuff/webpg-npapi .
> Ugh.
>
AAAaaaaaaarghhh!


> Robert Ransom
- Art.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk