Google'es End-to-End
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Wed Jun 4 21:05:42 PDT 2014
Il 6/3/14, 11:53 PM, rysiek ha scritto:
> Hi there,
>
> not sure what to think about this one:
>
http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html
>
> Technical specs:
> https://code.google.com/p/end-to-end/
>
It's very bad that they reimplemented a new PGP stack in JS when there
is a multi-stakeholder community effort with OpenPGP.js www.openpgpjs.org
Look their comments about it:
https://news.ycombinator.com/item?id=7843297
"Not a stupid question at all. We actually considered this option, but
OpenPGP.js looked pretty bad back then.
Security-wise the library wasn't in good shape.
One of our cryptographers would "classify [OpenPGP.js] as trash.
It has been audited recently, but the result doesn't look very good either"
I think that Google should make a turn-back and switch to using
OpenPGP.js, that's a modular, secure, widely compatible and performant
PGP stack library in javascript, with heavy improvements done in the
last 9 months, thanks to multiple developers working on it for different
projects.
I reported such issue here:
https://code.google.com/p/end-to-end/issues/detail?id=3
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2484 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140605/80669b97/attachment-0001.txt>
More information about the cypherpunks
mailing list