Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Question about otr.js

Eduardo Robles Elvira edulix at gmail.com
Fri Jun 7 11:03:44 PDT 2013


On Fri, Jun 7, 2013 at 7:59 PM, Steve Weis <steveweis at gmail.com> wrote:
>
> I'd like to reiterate the importance of code delivery. I've seen a
> couple dozen of attempts to do crypto via server-hosted Javascript.
> All of these reduced to trusting whomever is serving the code. This
> issues have been covered many times, most prominently by Matasano
> Security: http://www.matasano.com/articles/javascript-cryptography/

Hello everyone:

This is what I call the server in the middle problem. I actually did
my final career project about this [1]. Basically, we need the
equivalent of SSL in the sense of standarization for end-to-end web
security, or this problem will get worse and worse.

Regards,
--
[1] http://edulix.wordpress.com/2012/01/08/the-server-in-the-middle-problem-and-solution/

--
Eduardo



More information about the liberationtech mailing list