I more or less give this plan my stamp of approval. Just mind the gaps, and
careful with NPAPI! I am able to review and advise XUL+XPCOM code for
security. But for NPAPI, we'll need someone else. Anyone on-list have any
expertise with processing untrusted DOM data in NPAPI, and then rendering
output safely in browser windows? Sounds like a minefield to me, but perhaps
it's safer and easier than I expect?

Thus spake Fabio Pietrosanti (naif) (lists@xxxxxxxxxxxxxxx):

> Hi all,
>
> I understand all the doubts from Mike and Ransom about the possible
> exposure of the user's security through the exposure of functionality that
> can be "called by a remote web-application".
>
> This is an idea to mitigate most possible security issues:
> * Put the encryption functionality into the hands of user actions
> * Provide minimal interaction between Javascript/XUL functionalities
>
> Basically a user would like to encrypt/decrypt/sign:
> - text form
> - file uploaded/downloaded
>
> That kind of action could be implemented as explicit actions that the
> user has to take.
> * Text form Encryption
> - Right click on web/text form -> Encrypt/Decrypt
>
> * File Encryption
> - Upload Box can provide an option (in the file browsing window) to Encrypt
> - Download Box can detect if it's encrypted, and provide an option to
> Decrypt (in the file download box)
>
> This would work without any server-side
> invocation/manipulation/whatsoever through client-side code that could
> expose vulnerabilities.
>
> That way there will be a "user firewall" between the encryption
> functionality and the possible active content coming from the server,
> mitigating the risks of possible XUL/XSS and other attacks coming from
> active-javascript calling XUL.
>
> Also Key Management functionality could stay off, protected by making a
> proper section (XUL) under Firefox options/menu that the user can use.
>
> No code coming from the web would be allowed to interact with the
> plug-in but the end-user will still have all the encryption features
> under his power, usable in a modern web-based world.
>
> What do you think?
>
> -naif
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk