[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] offtopic: encrypt.to
|
From: |
Frank Villaro-Dixon |
|
Subject: |
Re: [Sks-devel] offtopic: encrypt.to |
|
Date: |
Thu, 12 Dec 2013 11:09:36 +0100 |
|
User-agent: |
Mutt/1.5.22 (2013-10-16) |
On 13-12-12 10:44:18, address@hidden, wrote 0.8K characters saying:
Simple, we're using client side encryption, you can review the
javascript code in your browser. The server/service receives encrypted
messages and send it to the receiver. The server/service can't decrypt your
message, it's PGP.
I think that what Gabor meant was that *maybe* a client will check the source
code *once*, but not always! With time, you don't continue to do the same
annoying tasks (aka. checking that the source code is the same), and you forget.
A lambda person won't check the code, and then, the NXA (or another third
party), can alter with the code, and do a simple MITM. Everybody will fall in
the trap.
IMHO, I think your service, as good as it may seem, is a false-good idea.
Cheers,
Frank
"Kiss Gabor (Bitman)" <address@hidden>:
Why?
How an innocent bystander could be sure that (s)he will use
the _same_ code when sending mail via your service?
If I worked to the No Such Agency I'd probably do this trick. :-)
g
--
frank.villaro-dixon.eu - PGP: 6F36914A
Envie d'électricité 100% verte ? Enercoop.fr
What is a Velomobile ? www.sans-essence.eu
- [Sks-devel] offtopic: encrypt.to, Kiss Gabor (Bitman), 2013/12/10
- Re: [Sks-devel] offtopic: encrypt.to, admin, 2013/12/11
- Re: [Sks-devel] offtopic: encrypt.to, Kiss Gabor (Bitman), 2013/12/11
- Re: [Sks-devel] offtopic: encrypt.to, admin, 2013/12/12
- Re: [Sks-devel] offtopic: encrypt.to,
Frank Villaro-Dixon <=
- Re: [Sks-devel] offtopic: encrypt.to, Gabor Kiss, 2013/12/12
- Re: [Sks-devel] offtopic: encrypt.to, admin, 2013/12/12
- Re: [Sks-devel] offtopic: encrypt.to, David Benfell, 2013/12/12
- Re: [Sks-devel] offtopic: encrypt.to, Gabor Kiss, 2013/12/12