[liberationtech] Question about otr.js
Eduardo Robles Elvira
edulix at gmail.com
Fri Jun 7 11:03:44 PDT 2013
On Fri, Jun 7, 2013 at 7:59 PM, Steve Weis <steveweis at gmail.com> wrote:
>
> I'd like to reiterate the importance of code delivery. I've seen a
> couple dozen of attempts to do crypto via server-hosted Javascript.
> All of these reduced to trusting whomever is serving the code. This
> issues have been covered many times, most prominently by Matasano
> Security: http://www.matasano.com/articles/javascript-cryptography/
Hello everyone:
This is what I call the server in the middle problem. I actually did
my final career project about this [1]. Basically, we need the
equivalent of SSL in the sense of standarization for end-to-end web
security, or this problem will get worse and worse.
Regards,
--
[1] http://edulix.wordpress.com/2012/01/08/the-server-in-the-middle-problem-and-solution/
--
Eduardo
More information about the liberationtech
mailing list