Il 6/3/14, 11:53 PM, rysiek ha scritto:
   > Hi there,
   >
   > not sure what to think about this one:
   >
   [1]http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-e
   ncryption-easier-to.html
   >
   > Technical specs:
   > [2]https://code.google.com/p/end-to-end/
   >
   It's very bad that they reimplemented a new PGP stack in JS when there
   is a multi-stakeholder community effort with OpenPGP.js
   [3]www.openpgpjs.org
   Look their comments about it:
   [4]https://news.ycombinator.com/item?id=7843297
   "Not a stupid question at all. We actually considered this option, but
   OpenPGP.js looked pretty bad back then.
   Security-wise the library wasn't in good shape.
   One of our cryptographers would "classify [OpenPGP.js] as trash.
   It has been audited recently, but the result doesn't look very good
   either"
   I think that Google should make a turn-back and switch to using
   OpenPGP.js, that's a modular, secure, widely compatible and performant
   PGP stack library in javascript, with heavy improvements done in the
   last 9 months, thanks to multiple developers working on it for
   different projects.
   I reported such issue here:
   [5]https://code.google.com/p/end-to-end/issues/detail?id=3
   --
   Fabio Pietrosanti (naif)
   HERMES - Center for Transparency and Digital Human Rights
   [6]http://logioshermes.org - [7]http://globaleaks.org -
   [8]http://tor2web.org

References

   1. http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html
   2. https://code.google.com/p/end-to-end/
   3. http://www.openpgpjs.org/
   4. https://news.ycombinator.com/item?id=7843297
   5. https://code.google.com/p/end-to-end/issues/detail?id=3
   6. http://logioshermes.org/
   7. http://globaleaks.org/
   8. http://tor2web.org/