[liberationtech] In defense of client-side encryption
danimoth
danimoth at cryptolab.net
Mon Aug 12 14:04:00 PDT 2013
On 12/08/13 at 02:58pm, Francisco Ruiz wrote:
> Thanks for a thoughtful and extensive reply. Let me see if I'm
> understanding your position correctly.
[snip, snip, snip]
> So, trusting the OS but not trusting the browser seems to me a curious case
> of double standard. They are made by the same companies, after all.
Trusting the browser in respect to trusting the OS implies adding a lot
more hypotesis on the stack, in order to define properties of your
software. To be clear, trusting the browser strictly contains
trusting the OS, and in my humble point of view, if I need to choose,
I choose fewer hypotesis. In my rescue, there is the fact that actually
*no state-of-art solutions* exists for web cryptography (is that word
right? or it is a no-sense?). To reach this point, proposals should be
made, and yours is one approach to evaluate, but (personally) I don't
like selling advertisement based on nothing.
In conclusion, if you really trust IE x.0 to execute your code,
you're welcome; I generally don't trust it even for viewing
web sites :-)
Users at this point have a lot of resources to check to make their own
opinion, I'm feeling fine with myself.
Have a nice day
More information about the liberationtech
mailing list