end-to-end encryption
Matej Kovacic
matej.kovacic at owca.info
Fri Oct 20 20:53:23 UTC 2006
Hi,
this is not directly connected to Tor, but I think it is important issue
because we need good support programs for Tor. By support programs I
mean Firefox, etc. which USE Tor.
The problem is people are extensively using webmail. They can use
"mobile" Tor (TorPark), but the problem is the content of the webmail is
not encrypted. So they can get anonymity, but not end-to-end encryption
(so anonymity is also downgraded).
I was reading this blog: http://www.links.org/?p=130 and comments, and
got an idea how to enable better security for users using web mail.
My idea is to build GPG into Firefox or at least integrate it more
deeply. GPG keyring (user's private and public key) should be an object
similar to certificate.
User will be able to create/import keyring into Firefox, export it or
delete it. Keyring could be secured with password (with FireFox security
device), and additionaly with passphrase. Public keys could be easily
retrieved from public key servers wia Firefox.
How decryption will work?
If FireFox will detect PGP/GPG code (in a form), it will enable decryption.
This need more thinking in detaila, but in general when decrypted, it
will be "grabbed", decrypted and shown in plaintext. Similar to Enigmail
extension for Thunderbird.
So user could be able to use strong end-to-end encryption +
anonymisationn from his/her USB drive.
My observation is, that more and more services are moving into the
iternet - and mostly into web. So web browser is a central technology
for browsing, reading email, writing teksts (Writely), publishing
things, configuring software, watching movies... even runnig OS (see
YuOS for example) And web browser is becoming independent from other
systems. In a future local operating system could be only web browser
with connection to the internet. That is why we need end-to-end
encryption built into it.
If you find this idea reasonable and interesting, please promote this
feature request:
https://bugzilla.mozilla.org/show_bug.cgi?id=357310
bye, Matej
More information about the tor-talk
mailing list