[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

end-to-end encryption

To: or-talk@xxxxxxxxxxxxx
Subject: end-to-end encryption
From: Matej Kovacic <matej.kovacic@xxxxxxxxx>
Date: Fri, 20 Oct 2006 22:53:23 +0200
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 20 Oct 2006 16:55:13 -0400
In-reply-to: <200610201949.50498.robert@roberthogan.net>
Organization: owca.info
References: <4535B995.8010304@appelbaum.net> <1161248804.28290.2514.camel@localhost.localdomain> <20061020155340.6c206ba6@localhost> <200610201949.50498.robert@roberthogan.net>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.6 (Windows/20040502)

Hi,

this is not directly connected to Tor, but I think it is important issue because we need good support programs for Tor. By support programs I mean Firefox, etc. which USE Tor.

The problem is people are extensively using webmail. They can use "mobile" Tor (TorPark), but the problem is the content of the webmail is not encrypted. So they can get anonymity, but not end-to-end encryption (so anonymity is also downgraded).

I was reading this blog: http://www.links.org/?p=130 and comments, and got an idea how to enable better security for users using web mail.

My idea is to build GPG into Firefox or at least integrate it more deeply. GPG keyring (user's private and public key) should be an object similar to certificate. User will be able to create/import keyring into Firefox, export it or delete it. Keyring could be secured with password (with FireFox security device), and additionaly with passphrase. Public keys could be easily retrieved from public key servers wia Firefox.

How decryption will work?

If FireFox will detect PGP/GPG code (in a form), it will enable decryption. This need more thinking in detaila, but in general when decrypted, it will be "grabbed", decrypted and shown in plaintext. Similar to Enigmail extension for Thunderbird.

So user could be able to use strong end-to-end encryption + anonymisationn from his/her USB drive.

My observation is, that more and more services are moving into the iternet - and mostly into web. So web browser is a central technology for browsing, reading email, writing teksts (Writely), publishing things, configuring software, watching movies... even runnig OS (see YuOS for example) And web browser is becoming independent from other systems. In a future local operating system could be only web browser with connection to the internet. That is why we need end-to-end encryption built into it.

If you find this idea reasonable and interesting, please promote this feature request: https://bugzilla.mozilla.org/show_bug.cgi?id=357310

bye, Matej

Follow-Ups:
- PGP in Firefox [Was Re: end-to-end encryption]
  - From: Roger Dingledine
- Re: end-to-end encryption? SSL? GnuPG?
  - From: xiando

References:
- "Practical onion hacking: finding the real address of Tor clients"
  - From: Jacob Appelbaum
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: George Shaffer
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: Fabian Keil
- Re: "Practical onion hacking: finding the real address of Tor clients"
  - From: Robert Hogan

Prev by Author: Re: "Practical onion hacking: finding the real address of Tor clients"
Next by Author: Re: end-to-end encryption? SSL? GnuPG?
Previous by thread: Re: "Practical onion hacking: finding the real address of Tor clients"
Next by thread: PGP in Firefox [Was Re: end-to-end encryption]
Index(es):
- Author
- Thread