[tor-talk] Ideas to securely implement PGP encryption/decryption
Robert Ransom
rransom.8774 at gmail.com
Tue Oct 11 01:48:53 UTC 2011
On 2011-10-10, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
> Hi all,
>
> i understand all the doubt from Mike and Ransom about the possible
> exposure of user's security trough the exposure of functionality that
> can be "called by a remote web-application".
>
> This is an idea to mitigate most possible security issues:
> * Put the encryption functionality into the hands of user actions
> * Provide minimal interaction between Javascript/XUL functionalities
>
> Basically a user would like to encrypt/decrypt/sign:
> - text form
> - file uploaded/downloaded
>
> That kind of actions could be implemented like explicit actions that the
> user have to take.
> * Text form Encryption
> - Right click on web/text form -> Encrypt/Decrypt
You missed the point of
https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ entirely.
More information about the tor-talk
mailing list