[RCD] Status of S/MIME and PGP support

Jonas Meurer jonas at freesources.org
Sun Dec 1 21:31:39 CET 2013


Am 01.12.2013 14:20, schrieb Markus Wernig:
> On Sat Nov 30 13:00:45 CET 2013, Thomas Bruederli wrote:
> 
>> But in terms of architecture, a purely client-side
>> encryption/decryption is the preferred and most secure way.
> 
> OK, this depends on which side of the cryptosystem you assume to be more
> trustworthy: the server or your browser runtime. Especially javascript
> has some major drawbacks when it comes to crypto (just think XSS). See
> eg. here for a discussion:
> http://www.matasano.com/articles/javascript-cryptography/
> 
> [...]
> So I'd rather stick with a server-side approach, even if it would not
> make it into an official release.

Same here.

Kind regards,
 jonas



More information about the dev mailing list