[tor-talk] Fwd: Tor Browser Bundle: PGP encryption built-in?

Robert Ransom rransom.8774 at gmail.com
Mon Oct 10 21:54:09 UTC 2011 

On 2011-10-10, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
> Hi Kyle and Aaron,
>
> let me answer to you by making in Cc the tor-talk mailing lists where
> there is an on-going discussion about it.
>
> It has been suggested that FireGPG is unsafe
> (https://tails.boum.org/bugs/FireGPG_may_be_unsafe/), your approach by
> design sounds very nice.

You seem to have missed the point of that page -- the problem with
FireGPG is what it allows, not how it was implemented.

> I am wondering whether it would be possible to add another simple
> security mechanism so that the user is "alerted" anytime a GPG related
> operation is going to be executed.
>
> Something like:
> "The website blahblah.com would like to use PGP to [encrypt|sign|cipher]
> web-data, do you want to allow it?"
>
> Ransom, what do you think about Kyle and Aaron approach? (Eventually
> including a "pre-warning" for any sensitive operation to the end-user)?

A warning before JavaScript enumerates your keyring isn't sufficient.
Users must, at a minimum, be able to block all further attempts by a
page or website to use GPG features.

And even that won't help most users -- a request-for-permission dialog
can only protect users who read messages before clicking 'Allow', and
who understand that allowing a website to use a GPG plugin is
dangerous.

> By embedding a GPG support into TorBrowserbundle, the Tor Project would
> eventually provide a "Trusted PGP Key lookup server" on a Tor Hidden
> Service that forward the PGP key lookup to public internet key servers.

No we wouldn't.

> I mean, today everything goes over HTTP, but our browsers are capable of
> doing end-to-end encryption only by using Javascript.
> Why not try to "enable" the best of Anonimity (Tor) + best of Web
> Browsing (Firefox) with best of encryption (GPG) ?

I don't consider Firefox the 'best of Web Browsing' or GPG the 'best
of encryption'.  They are only the crap tools we're stuck with for
now.


Robert Ransom

More information about the tor-talk mailing list