[tor-talk] Ideas to securely implement PGP encryption/decryption
    Fabio Pietrosanti (naif) 
    lists at infosecurity.ch
       
    Mon Oct 10 20:29:26 UTC 2011
    
    
  
Hi all,
I understand all the doubts from Mike and Ransom about the possible
exposure of user's security through the exposure of functionality that
can be "called by a remote web-application".
This is an idea to mitigate most possible security issues:
 * Put the encryption functionality into the hands of user actions
 * Provide minimal interaction between Javascript/XUL functionalities
Basically a user would like to encrypt/decrypt/sign:
 - text form
 - file uploaded/downloaded
Those kinds of actions could be implemented as explicit actions that the
user has to take.
* Text form Encryption
 - Right click on web/text form -> Encrypt/Decrypt
* File Encryption
 - Upload Box can provide an option (in the file browsing window) to Encrypt
 - Download Box can detect if it's encrypted, and provide an option to
Decrypt (in the file download box)
This would work without any server-side
invocation/manipulation/whatsoever through client-side code that could
expose vulnerabilities.
That way there will be a "user firewall" between the encryption
functionality and the possible active content coming from the server
mitigating the risks of possible XUL/XSS and other attacks coming from
active-javascript calling XUL.
Also Key Management functionality could stay off protected by making a
proper section (XUL) under Firefox options/menu that the user can use.
No code coming from the web would be allowed to interact with the
plug-in but the end-user will still have all the encryption features
under his power, usable in a modern web-based world.
What do you think?
-naif
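
Added example, not part of the original message or of any Tor/Firefox code: one way the proposed download box could detect that a file is PGP-encrypted, using the ASCII-armor header and the packet tags defined in RFC 4880. The function name, return shape and sample bytes are assumptions, and the check is a heuristic on the first bytes only.

```javascript
// Packet tags that indicate encrypted content (RFC 4880, section 4.3).
const ENCRYPTED_TAGS = new Map([
  [1, "public-key encrypted session key"],
  [3, "symmetric-key encrypted session key"],
  [9, "symmetrically encrypted data"],
  [18, "symmetrically encrypted, integrity-protected data"],
]);
const ARMOR_MESSAGE = "-----BEGIN PGP MESSAGE-----";

// Returns { kind, detail } where kind is "armored", "binary" or "none".
// `bytes` is the start of the downloaded file as a Uint8Array.
function detectPgpEncrypted(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length === 0) {
    return { kind: "none", detail: "empty or not a byte array" };
  }
  // ASCII armor: look at the first 256 bytes as Latin-1 text, skipping a
  // UTF-8 byte-order mark and leading whitespace before the header line.
  const head = String.fromCharCode(...bytes.subarray(0, 256));
  const text = head.replace(/^\u00ef\u00bb\u00bf/, "").replace(/^\s+/, "");
  if (text.startsWith(ARMOR_MESSAGE)) {
    // Armor hides the packet type: the payload may turn out to be signed only.
    return { kind: "armored", detail: "armored OpenPGP message" };
  }
  // Binary: bit 7 of the first octet is always set in a packet header.
  const first = bytes[0];
  if ((first & 0x80) === 0) {
    return { kind: "none", detail: "not an OpenPGP packet header" };
  }
  // Bit 6 selects new format (tag in bits 5-0) or old format (tag in bits 5-2).
  const tag = (first & 0x40) ? (first & 0x3f) : ((first >> 2) & 0x0f);
  if (ENCRYPTED_TAGS.has(tag)) {
    return { kind: "binary", detail: ENCRYPTED_TAGS.get(tag) };
  }
  return { kind: "none", detail: `tag ${tag} is not an encryption packet` };
}

// Constructed sample inputs (not real messages), run through the detector.
const SAMPLES = {
  armored: Uint8Array.from("-----BEGIN PGP MESSAGE-----\n", (c) => c.charCodeAt(0)),
  oldFormatPkesk: new Uint8Array([0x85, 0x01, 0x0c]),
  pdf: Uint8Array.from("%PDF-1.4\n", (c) => c.charCodeAt(0)),
};
for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, detectPgpEncrypted(data));
}
```

A positive result should only make the "Decrypt" option visible; unrelated binary files can share these first-byte values, so the user-triggered decryption step remains the real check.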
    
    