I know it might sound funny, but what do you guys think about the feasibility of massively automatic PGP web mail with all encryption/decryption done through javascript in the client's browser? I've been thinking about this possibility for a while now and it looks really promising to me. As a proof of concept, there's already some effort to provide an OpenPGP-compatible implementation in javascript, here: http://www.hanewin.net/encrypt/ The idea is that all mail sent through the web interface will be automatically encrypted (if the recipient's public key is available; if the recipient is @ our secure mail, we pick the public key automatically) and signed, all this done on the client side and then uploaded to the server. If the user's inbox contains any encrypted messages they will be decrypted on the client side, as naturally only the client has the private key. I can go into some further details of my vision on this if anyone shows interest in it. -- Cheers, Alex
> what do you guys think ...
i consider that a contradiction, and a stupid one.
On Sun, Dec 12, 2010 at 1:16 PM, Alexander Shulgin
At some point you're going to realize that the javascript that decrypts your mail has to come from someplace.
Ah, valid claim, thanks. This part definitely needs re-thinking :) As far as I understand, SSL can only guarantee you that the javascript came from the site you'd expect it to come from, but there's nothing that will stop the site admin/hijacker (if any) from altering the script in some clever way. At this point it boils down again to the privately owned server. -- Alex
A better alternative would be a PGP browser addon, which I think already exists (but I'm too lazy to check on). Granted, you still have to trust your browser/addon maker to a certain extent, but presumably if you're looking for web based mail encryption, you already do.
On Mon, 13 Dec 2010 16:57:52 +1300
firegpg is the only way I can get friends and family to communicate with me securely. I don't even know what the interface looks like, but it does work (apparently). -- end
It's unmaintained. I would also be surprised if the server can't get at your plaintext (e.g. with Javascript, or even Java/Flash). You may want to look at http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/ and the comments (in particular, my http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/#comment-6239). Summary: it doesn't work, and can't work unless you add a plugin with *many* restrictions. Joachim -- PotD: devel/ivy - dependency manager for Java http://www.joachimschipper.nl/
On 13 December 2010 22:23, Joachim Schipper <joachim@joachimschipper.nl> http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/#comment-623
Firegpg was basically just chrome extensions to local (read: client) side gpg binaries. It wasn't insecure for the reasons you cite, the author just got sick of having to update it to work with gmail (its initial target). It is still useful for easy access to gpg functions within firefox.
Is there a light at the end of the tunnel somewhere to make email secure even for amateurs who don't know how to use PGP? I'm very curious about the future of email, especially now. I would like to hear opinions of OpenBSD wizards. The thing is that it is very hard to persuade someone to use PGP all the time.
On Tue, 14 Dec 2010 23:06:49 +0100
yes, as strange as it sounds, the solution is called education.
Well, since Egypt we know that it's not going to happen.
On Tue, 14 Dec 2010 23:33:13 +0100
btw, you top-posted on purpose to make your point, didn't you?
On Tue, 14 Dec 2010 23:33:13 +0100
egypt what? lots of governments are working hard on getting darwin back into our daily life. too weak or stupid? you die. some people have the patience to teach, others don't. old people miss the cuteness factor of children, but still... everybody should have experienced how satisfying it is to see senior home inhabitants starting to teach "the internet" to others once they got it. what really stands out is that they don't expect all the girls on a social networking site to have to show them theirs because they uploaded a photo of theirs. :)
On Tue, 14 Dec 2010 23:06:49 +0100
it is very hard to persuade someone to use PGP in the first place, and even harder to believe they have a secure machine. Sometimes you may find encrypted pdfs are an easy solution but then if they're running adobe reader or worse flash then they're almost guaranteed to have had a known exploit every week for the last.... I'll let you know when they stop. Of course you could say similar about firefox, but the exploits are rarely as bad. A graphical and simple (probably impossible) OpenBSD browser would really be something, but now I'm just dreaming. On the other hand, the fact it is hard to get someone to use gpg may mean that if they do then you can trust them to a higher degree than if it was already set up for all users. You can use gpg to securely talk to yourself, of course.
I have a great experience with Pidgin and OTR. Even a child could handle the first authorization after a simple installation of OTR plugin. A lot of my friends use it now, because I have encouraged a little paranoia in them. However, it's not email though.
On 14/12/2010, Kevin Chadwick <ma1l1ists@yahoo.co.uk> wrote:
</snipped>
xxxterm should fit that description. hth Fred (Sent from xxxterm :~])
On Wed, 15 Dec 2010 20:55:21 +0000
That's about the third time it's been recommended and I've kept meaning to look at it. I've been installing it for ages. Just loaded it up and from the name was expecting a graphical curses browser but was rather pleasantly surprised. Time to keep an eye on the source and try to find out how likely it is to avoid exploits that affect firefox. (with javascript disabled, there's no point striving for the impossible) Just looking at the libraries and memory usage I'd probably have to say close but I'm not yet sure if it gets the cigar. Looks like it fits its intended anticlutter and maximum screen real estate intentions but it would be nice if security was one of its main aims. It does appear to be a third of the size of firefox though :-)
no disrespect to marco, but it's nothing more than a (lighter than usual) shim around webkit. it's just like safari, chrome, midori, arora, etc., wrt files it will try parsing and the attack surface so exposed.
I thought that the point about xxxterm was nice keybindings, a nice configuration file and some keyboard free interface...
PGP has gotten easier with various front ends. Take a look at GPG Made Easy for an example of simplifying the library calls for application access to PGP encryption. jb
Typing "pgp --make-it-safe" or clicking a button has never been the hard part. The key management and trust clusterfuck is the hard part. Kaminsky's "DNS is the root of all certs" approach looks promising, so I think there's a chance we'll see real progress within ten years.
Dan Kaminsky (http://dankaminsky.com) has been working on "Domain Key Infrastructure" bootstrapped off of dnssec that looks pretty interesting. I'm not sure where the video is for this talk (it was at blackhat/defcon 2010), but I found the slides.. http://www.slideshare.net/dakami/phreebird-suite-10-introducing-the-domain-key-infrast...
On Tue, 14 Dec 2010 16:38:54 -0800
he is not the only one doing keys via dns(sec). verisign had a reason to sell their ca-business when they did.
