Hi all, I understand all the doubts from Mike and Ransom about the possible exposure of user's security through the exposure of functionality that can be "called by a remote web-application".
This is an idea to mitigate most possible security issues:

* Put the encryption functionality into the hands of user actions
* Provide minimal interaction between Javascript/XUL functionalities

Basically a user would like to encrypt/decrypt/sign:
- text form
- file uploaded/downloaded

That kind of action could be implemented as explicit actions that the user has to take.

* Text form Encryption
  - Right click on web/text form -> Encrypt/Decrypt

* File Encryption
  - Upload Box can provide an option (in the file browsing window) to Encrypt
  - Download Box can detect if it's encrypted, and provide an option to Decrypt (in the file download box)

This would work without any server-side invocation/manipulation/whatsoever through client-side code that could expose vulnerabilities.

That way there will be a "user firewall" between the encryption functionality and the possible active content coming from the server, mitigating the risks of possible XUL/XSS and other attacks coming from active-javascript calling XUL.

Also Key Management functionality could stay off protected by making a proper section (XUL) under Firefox options/menu that the user can use.

No code coming from the web would be allowed to interact with the plug-in, but the end-user will still have all the encryption features under his power, usable in a modern web-based world.

What do you think?

-naif
