I know that this kind of argument attract crypto-trolling ("Javascript encryption" and "Unauthenticated encryption" and "Opportunistic encryption") but i think
Il 10/28/13 3:14 PM, Guido Witmond ha scritto: that it's worth discussing because it could be a revolutionary approach to challenge massive wiretapping. What does various people think about this approach?
One question: How does the javascript get to the browser without any interference from intermediate parties?
No protection against active attacks. The purpose is to defeat massive wiretapping that's a passive. Active attacks are mostly for targetted attacks, so outside the scope. There was many interesting discussion about the likelyhood to implement a PoC like this in a very simplified way, of easy integration with existing web applications: https://github.com/digitalbazaar/forge/issues/84 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org