Future Planning: Thunderbird as a Web App

Volker Birk vb at pep-project.org
Fri Sep 18 20:12:34 UTC 2015


On Fri, Sep 18, 2015 at 01:41:18PM -0400, Andrew Sutherland wrote:
> On 09/18/2015 04:46 AM, Volker Birk wrote:
> >Crypto implementations ONLY can go from locally running software to
> >locally running software. Crypto implementations must not be server
> >based in any way, but have to be peer-to-peer only. Only then we have
> >end-to-end cryptography, only then we have security offered by crypto at
> >all, and not a simulation of security instead.
> So it's clear, the Firefox OS Gaia email app is currently a packaged and
> signed application that runs locally only.  The only servers contacted are
> the user's mail servers and those contacted in the course of running
> autoconfiguration/autodiscovery.  A content-security policy prevents code
> from being run from remote locations.

Cool. If you want, we port p≡p on it ;-)

> This is already the strategy used by whiteout.io, a PGP-focused mail client
> built on HTML/CSS/JS running as a Chrome extension, and which likely will
> also run as a Firefox extension once the platform is further built out.

That makes the following issues:

1) PGP is a needed step in-between, but as it has lists of privacy
   issues itself, it's not a solution. The web of trust on keyservers
   means you're leaking your complete contact network including the
   information whom you trust. There is no way to hide meta-data,
   instead PGP creates additional meta data with key signatures.

2) GnuPG has real advantages when it comes to feature completeness and
   hardening against i.e. side channel attacks, which all other
   implementations still lack
   https://www.cs.tau.ac.il/~tromer/papers/radioexp.pdf

Yours,
VB.
-- 
Volker Birk, p≡p project
mailto:vb at pep-project.org  http://www.pep-project.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20150918/730c7c4f/attachment.sig>


More information about the tb-planning mailing list