ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: not really pgp signing in van

2013-09-10 13:48:01
from [Martin Thomson] [Permanent Link] 
On 10 September 2013 11:36, Ted Lemon <Ted(_dot_)Lemon(_at_)nominum(_dot_)com> 
wrote:

So I run Javascript provided by Comodo to generate the key pair.   This means 
that my security depends on my willingness and ability to read possibly 
obfuscated Javascript to make sure that it only uploads the public half of 
the key pair.


It's actually far worse than that when you consider the inherent
mutability of JavaScript.

The WebCrypto API should go a long way to addressing your concerns though.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: not really pgp signing in van, Ted Lemon
Next by Date:  Re: not really pgp signing in van, Phillip Hallam-Baker
Previous by Thread:  Re: not really pgp signing in van, Ted Lemon
Next by Thread:  Re: not really pgp signing in van, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]