Il 6/3/14, 11:53 PM, rysiek ha scritto:
Hi there,
not sure what to think about this one:
http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryptio...
Technical specs: https://code.google.com/p/end-to-end/
It's very bad that they reimplemented a new PGP stack in JS when there is a multi-stakeholder community effort with OpenPGP.js www.openpgpjs.org Look their comments about it: https://news.ycombinator.com/item?id=7843297 "Not a stupid question at all. We actually considered this option, but OpenPGP.js looked pretty bad back then. Security-wise the library wasn't in good shape. One of our cryptographers would "classify [OpenPGP.js] as trash. It has been audited recently, but the result doesn't look very good either" I think that Google should make a turn-back and switch to using OpenPGP.js, that's a modular, secure, widely compatible and performant PGP stack library in javascript, with heavy improvements done in the last 9 months, thanks to multiple developers working on it for different projects. I reported such issue here: https://code.google.com/p/end-to-end/issues/detail?id=3 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org