Future Planning: Thunderbird as a Web App
asutherland at asutherland.org
Fri Sep 18 17:41:18 UTC 2015

On 09/18/2015 04:46 AM, Volker Birk wrote:
> Crypto implementations ONLY can go from locally running software to
> locally running software. Crypto implementations must not be server
> based in any way, but have to be peer-to-peer only. Only then we have
> end-to-end cryptography, only then we have security offered by crypto at
> all, and not a simulation of security instead.

So it's clear, the Firefox OS Gaia email app is currently a packaged and
signed application that runs locally only. The only servers contacted
are the user's mail servers and those contacted in the course of running
autoconfiguration/autodiscovery. A content-security policy prevents
code from being run from remote locations.

The direction Gecko is going with APIs like TCPSocket that are hard to
explain to users as permission prompts and for which standardization
really isn't happening is for them to be add-on-only APIs. So a
pure-HTML/CSS/JS Thunderbird would effectively be a cryptographically
signed Firefox add-on.

This is already the strategy used by whiteout.io, a PGP-focused mail
client built on HTML/CSS/JS running as a Chrome extension, and which
likely will also run as a Firefox extension once the platform is further