[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?

To: "Kyle L. Huff" <kyle.huff@xxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Mon, 10 Oct 2011 21:35:38 +0200
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Oct 2011 15:37:35 -0400
In-reply-to: <4E9320FC.1010103@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4E928D52.4080204@xxxxxxxxxxxxxxx> <4E930D98.7000107@xxxxxxxxxxxxxxx> <4E931200.5090807@xxxxxxxxxxxxxxx> <4E9320FC.1010103@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.23) Gecko/20110920 Thunderbird/3.1.15

On 10/10/11 6:44 PM, Kyle L. Huff wrote:
> Another, more narrow approach would be to enforce within the plug-in
> that the URL of the page that the plug-in is embedded on must match the
> extension path. For example, the plug-in could detect if it was loaded
> on a page with the URL containing
> "chrome://.../{webpg-firefox-extension-path}/plugins/...", and refuse to
> load otherwise.

I would like to summarize that idea with some considerations:

Webpg-npani is not FireGPG
 * FireGPG is discontinued and it's ok if it has security
 * WebPG-npapi is an active project
 * WebPG hackers would be happy to work with Tor Project on integration

Security Improvements
 * Several security measures are already in development
 * Security could be always improved to satisfy various level of paranoy
 * Tor Community it's plenty of "truly certified paranoid hackers"(c)
and can work all together to define security requirements


* Data encryption is today only for power users

* Improve usability of end-to-end Encryption tools bringing it to the
masses:
  * Users are dumb
  * The users noways use a browser
  * Javascript encryption exists but have several drawbacks
  * Data encryption to be used by the user have to stay into the browser
  * A Browser PGP support is an enabling tool for encryption diffusion

Many different use-cases could be later implemented by a community.
  * Webmail plug-in for end-to-end GPG encryption
  * File upload of TorBrowserBundle could always provide an option to
encrypted the uploaded file regardless of the web application used
    * With PGP based on Public Key
    * With a PGP based symmetric password
  * File download of TorBrowserBundle could always allow decryption data
  * Simple plug-in could born to use the facility to encrypt text form
on social networks (vecna was working on a general tool to do data)
  * Other for sure would come

What do you think about it?

-naif
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?
  - From: Fabio Pietrosanti (naif)

Prev by Author: Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?
Next by Author: [tor-talk] Tor Browser Bundle: Usability Improvement Proposal (windows)
Previous by thread: Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?
Next by thread: Re: [tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?
Index(es):
- Author
- Thread