[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by mikeperry):
For the record, "trying out" CryptoCat for TBB-alpha means "Mike finally
devotes the mental energy to actually look through the bugtracker, look at
the code, and finally use the damn thing with a test account." I haven't
had time to do that yet, and I won't until sometime either next week or
the week after, once we're done with stabilizing FF17. My earlier comments
were meant to say "Holy crap, get this thing audited for XSS issues again,
or I won't even do that much."
I am glad you did that, and I wanted to offer you some words of
encouragement.
I took a second to look through your bugtracker, and there are several
bugs in there that I would consider blockers even for TBB-alpha (which by
the way, wouldn't mean it would go into the subsequent TBB-stable
automatically). I didn't know that your "Multi-Party OTR" implementation
wasn't actually mpOTR. That is a blocker for us. I think it either needs
to support mpOTR or CryptoCat simply shouldn't allow group chat at all. I
don't believe it is safe for you to cook up your own crypto protocols and
deploy them. Instead, you should be using existing peer-reviewed protocols
to the letter.
Issue #180 is also concerning. If it actually still applies to the
CryptoCat XPI, that is a potentially bad sign in terms of storage
utilization and architecture. Based on this, there may be other issues
with how the extension is architected that freak me out.
People may also still successfully convince me that we need to stub out to
native code for any primatives you use. Depending on how successfully I am
convinced of that, it may also be a blocker (possibly even for TBB-alpha,
but right now I think it might be more important for TBB-alpha to be a
playground for crazy prototype shit).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:42>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs