[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] TIMB - Tor Instant Messaging Bundle
On Wednesday, March 5, 2014 at 4:39 AM, M. Ziebell wrote:
> If have a question to the TIMB Project,
> I'm not sure if this is the correct mailing list, if not I'm sorry.
>
> In this Roadmap/summary:
>
> https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/RoadmapTIMB
>
> You mention that your planing/trying the Bundle around the Mozillas NSS
> lib with some JS-C Wrapper for OTR.
>
>
The plan was to start with a js ctypes wrapper of libotr
and then, maybe sometime in the future, replace it with
an nss based implementation of otr.
>
> Possible that I mistake something but I'm not a friend of the idea of
> an messenger basend on JS and NSS.
>
> 1. As far as I understand it would just use web techniques and NOT be
> one, so this article may not apply.
>
> http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/
To quote from the linked article,
"If you can deploy a custom plugin to clients, why not run
the crypto there? If it can access the host environment, it
has a real PRNG, crypto library (Mozilla NSS or Microsoft
CryptoAPI), etc. â
This is what we intend to do. The crypto wonât be in js,
just the interface. Still plenty of room for error, but not
necessarily in the way this article advocates.
Moreover, the application will be deterministically built
and downloaded once, not on every request.
>
> 2. The Tor Browser Bundle already depends on NSS. IMHO it is true to
> say that there security bugs in the lib, just because security is so
> damn complex.
> Considering these two statement I would advise against NSS and build
> the Bundle around an other LIB, for diversity.
>
>
Well, the first version will be using libtor, which depends on libgcrypt.
>
>
> I'm sorry for the clumsy language or if I offend anybody/anyone. Highly
> likely that I'm not getting everythin..
>
>
Not offense taken :)
Thanks for the questions.
Arlo
>
>
> Sincerely,
>
> M
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx (mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx)
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk