On 10/10/11 9:44 AM, Robert Ransom wrote: > On 2011-10-10, Fabio Pietrosanti (naif) <li...@infosecurity.ch> wrote: >> is anyone evaluating whenever to include PGP encryption support into the >> default Tor Browser Bundle as a Firefox extension? > No. > I actually think it would be a great idea to include PGP encryption support into the browser. I remember discussing this with Jake some time ago of maybe in the future having a bundle for Thunderbird and enigmail. I don't see why it it a bad idea to move one step closer into that direction by including PGP in the TBB.
>> I looked at the implementation and: >> >> * FireGPG it's discontinued http://getfiregpg.org/s/install >> It also seems it was using a "bad design" practice for the IPC >> communications between various modules. >> >> * NPAPI based GPG is just released (by old FirePGP contributor) >> https://github.com/kylehuff/webpg-npapi >> >> Having a support for GPG encryption into a generic browser, with PGP >> operations usable from Javascript/XUL, could open a lot of improvements >> and opportunities to secure Webmail and other web applications. > No. See https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ , but > beware -- I'm sure katmagic and I missed a few dozen attacks. > Well that attack proposed there is pretty basic, I really think this is a useful idea and it should not be discarded with no thought. >> At http://globaleaks.org we'll most probably need such kind of support >> into the browser and we're wondering if this could accomodate a standard >> "requirement" of the Tor Project for the Tor Browser Bundle. > No. > I must also here disagree, but I think I am a bit biased . Anyways as I said, it would be of great use for people to be able to user PGP built into the browser, at least for sending encrypted email. It should not be implemented in a rush, but the gain that can be drawn from such a feature is not slim. Instead of having people download and install complicated software to send me and an encrypted message I can point them to the TBB and they are all set. Not at all a badi dea. >> It would be also possible to easily make very simple "XUL" interfaces to >> handle basic PGP based file encryption operations, de-facto bundling a >> GPG client (with a Browser UI) into the TorBrowserBundle. > This sounds reasonable, except for the parts about the XUL interface > and the browser-based UI. It also sounds rather like GPG4Win, except > for those parts. > >> What do you think about it? > No. > Robert, why do you have to be so negative? >> We're going to make some experiment in trying to build >> https://gitweb.torproject.org/torbrowser.git + GPG + >> https://github.com/kylehuff/webpg-npapi . > Ugh. > AAAaaaaaaarghhh! > Robert Ransom - Art. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
