[Security] End-to-end encryption with JavaScript client

Dave Cridland dave at cridland.net
Sat Aug 30 04:35:00 CDT 2008

On Sat Aug 30 10:15:42 2008, Pavel Simerda wrote:
> First, users of Javascript clients don't care about e2e security.

Well, I'm not sure they even have the option, in the specific case of  
a web-based client.

We run on the assumption that the client is always trustworthy, and  
indeed trusted. Without this assumption, we're largely sunk, and I'm  
not sure we can make this assumption with a web-based client.

(Of course, Javascript on the desktop is the same as anything else on  
the desktop).

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the Security mailing list