Thunderbird and end-to-end email encryption – summary of responses and proposed policy

Volker Birk vb at pep-project.org
Tue Sep 1 17:02:23 UTC 2015


On Tue, Sep 01, 2015 at 06:30:47PM +0200, Patrick Brunschwig wrote:
> Another option would be to integrate a JavaScript implementation of
> OpenPGP, such as OpenPGP.js (http://openpgpjs.org/) or the Google E2E
> libraries (https://github.com/google/end-to-end).

Before you're discussing that: please keep in mind that we do a full
automation of everything which is needed to have end-to-end encryption
without any user interference.

For that case, we automate, too, that you have the same key and trust
base on one desktop for all programs using it. And that means, if you
put PGP into Javascript, you not only have the disadvantages of having
less features (GnuPG has a lot!) and less robustness against new attacks
(i.e. https://www.tau.ac.il/~tromer/handsoff/ ) but also less integration
into other apps just using the same infrastructure. Your users then have
to do things twice again (which is really bad).

Yours,
VB.
-- 
Volker Birk, p≡p project
mailto:vb at pep-project.org  http://www.pep-project.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20150901/59055fe7/attachment.sig>


More information about the tb-planning mailing list