[Security] End-to-end encryption with JavaScript client

Pavel Simerda pavlix at pavlix.net
Sat Aug 30 06:33:34 CDT 2008


On Sat, 30 Aug 2008 10:35:00 +0100
Dave Cridland <dave at cridland.net> wrote:

> On Sat Aug 30 10:15:42 2008, Pavel Simerda wrote:
> > First, users of Javascript clients don't care about e2e security.
> 
> Well, I'm not sure they even have the option, in the specific case
> of a web-based client.
> 
> We run on the assumption that the client is always trustworthy, and  
> indeed trusted. Without this assumption, we're largely sunk, and I'm  
> not sure we can make this assumption with a web-based client.

That's why I think these users don't care ;).

> (Of course, Javascript on the desktop is the same as anything else
> on the desktop).

Yep, at least for security assumptions.

> Dave.


-- 

Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net


More information about the Security mailing list