[cryptography] Introducing SC4 -- feedback appreciated

Dominik Schuermann dominik at dominikschuermann.de
Fri Apr 17 14:27:25 EDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

what problem of traditional PGP implementations did you solve?

* Looks like key exchange problem is still present (sent by mail)
* Any key authentication? I don't see any verification or
certification model.

Regards
Dominik

On 04/17/2015 08:21 PM, stef wrote:
> ohio,
> 
> On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote:
>> 1.  It is a standalone web application.
> 
> putting keys in the browser is like putting keys in front of a dmz.
> browsers are not designed for this, they are designed for
> delivering impressions and services to you. the security features
> you find in any browser are there to secure the revenue-stream of
> some companies, not for the protection of the interests of its
> users. (same goes for phones), the tool might be good (haven't
> checked), but the foundation it's built on is sand. you want to 
> isolate your keys, current end-host security does not provide much
> protection against some malware in case recovery of your keys
> becomes a priority. you also want to make sure the code running is
> authentic, with js delivered over the net this is quite hard to do
> verifiably (again, not your protection, industry revenues are the
> thing to protect).
> 
> cheers,s _______________________________________________ 
> cryptography mailing list cryptography at randombit.net 
> http://lists.randombit.net/mailman/listinfo/cryptography
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBAgAGBQJVMVCNAAoJEHGMBwEAASKCdd0IAIP0zgu/GcT8V3RqjPGDqJ+K
aoX2dneLwuPtYmCvoRRkv3iiCoc/XdefktJsF7bMKo4k1cnpq3+Y1mUa4kHG6PjK
sBL5o0Jj9xKH3hTol18ownZB1oCZuKIsJB83+RdndjZdvdPqTl3mHldUkRWtyS6n
sC7RM9THBHNRvBCWntYyolY0wsdpO61Aagq60joEeoQWM4Yb2l4hmLp10CTm6EJU
66SJoJkDR/VGCJHbFKUSHfJEsOPTyltbxUXR5hpvR+DpPPHO0l/e2uHzdQ3xLiKC
jSi+GfQbCYoZIBc5Hzl0rmJjECP7Mg+LEts4aV66s3zpRjaDfe4Won1sUvFxU9M=
=nwNR
-----END PGP SIGNATURE-----


More information about the cryptography mailing list