[Security] End-to-end encryption with JavaScript client

Dave Cridland dave at cridland.net
Sat Aug 30 04:35:00 CDT 2008


On Sat Aug 30 10:15:42 2008, Pavel Simerda wrote:
> First, users of Javascript clients don't care about e2e security.

Well, I'm not sure they even have the option, in the specific case of  
a web-based client.

We run on the assumption that the client is always trustworthy, and  
indeed trusted. Without this assumption, we're largely sunk, and I'm  
not sure we can make this assumption with a web-based client.

(Of course, Javascript on the desktop is the same as anything else on  
the desktop).

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Security mailing list