Future Planning: Thunderbird as a Web App
vb at pep-project.org
Fri Sep 18 20:12:34 UTC 2015
On Fri, Sep 18, 2015 at 01:41:18PM -0400, Andrew Sutherland wrote:
> On 09/18/2015 04:46 AM, Volker Birk wrote:
> >Crypto implementations ONLY can go from locally running software to
> >locally running software. Crypto implementations must not be server
> >based in any way, but have to be peer-to-peer only. Only then we have
> >end-to-end cryptography, only then we have security offered by crypto at
> >all, and not a simulation of security instead.
> So it's clear, the Firefox OS Gaia email app is currently a packaged and
> signed application that runs locally only. The only servers contacted are
> the user's mail servers and those contacted in the course of running
> autoconfiguration/autodiscovery. A content-security policy prevents code
> from being run from remote locations.

Cool. If you want, we port p≡p on it ;-)

> This is already the strategy used by whiteout.io, a PGP-focused mail client
> built on HTML/CSS/JS running as a Chrome extension, and which likely will
> also run as a Firefox extension once the platform is further built out.

That makes the following issues:

1) PGP is a needed step in-between, but as it has lists of privacy
   issues itself, it's not a solution. The web of trust on keyservers
   means you're leaking your complete contact network including the
   information whom you trust. There is no way to hide meta-data,
   instead PGP creates additional meta data with key signatures.

2) GnuPG has real advantages when it comes to feature completeness and
   hardening against i.e. side channel attacks, which all other
   implementations still lack.

Volker Birk, p≡p project
mailto:vb at pep-project.org http://www.pep-project.org