Re: [Tails-dev] Firefox extension for downloading Tails

Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Firefox extension for downloading Tails
Giorgio Maone wrote:
> On 09/07/2014 01:41, Alasdair Young wrote:
>>
>> I'm not a fan of openpgp.js for a lot of reasons.
>> http://tonyarcieri.com/whats-wrong-with-webcrypto explains why in a
>> much better way than I ever could.
>
> I'm very new to this community and its mindset, so I know I've got a lot
> to learn and I'm certainly missing something essential, but I fail to
> understand how those (mostly valid) objections apply to our scenario,
> since they are directed either against the webcrypto standardization
> process or against cryptography performed in the context of a web page:
>
> 1. OpenPGP.js does not *depend* on webcrypto, even if it supports it
> 2. We wouldn't run as web content, but as privileged code, with the same
> powers and the same isolation as the browser itself (much like any
> platform-native program, even if written in cross-platform JavaScript).
> 3. We don't need to deal with private keys


Hey Giorgio!

Thanks for clarifying that. Your reasoning sounds good to me, but I
don't have the technical insight to validate everything that we are
saying here. I added the idea to the blueprint (d5bc710); feel free to
add more technical details.

Still, I'd suggest not losing focus with that discussion now, and moving
on to the initial implementation to verify SHA-256 and reconsider all
that later on :)

I created #7552 on our Redmine to track that project. Feel free to
create yourself an account and assign that task to you.

--
sajolida