On 10/11/11 7:47 AM, Mike Perry wrote: > I more or less give this plan my stamp of approval. Just mind the > gaps, and careful with NPAPI! I am able to review and advise XUL+XPCOM > code for security.. But for NPAPI, we'll need someone else. > > Anyone on-list have any expertise with processing untrusted DOM > data in NPAPI, and then rendering output safely in browser windows? > Sounds like a minefield to me, but perhaps it's safer and easier than > I expect?
Should we start about thinking on how to plan for implementation? Eventually how to follow an approach for a proposal? Should we try to create a single ticket with a proposal for implementation and for security requirements/evaluation/tasks. Or it's better to create multiple-tickets, for as many as could be the features provided? For example: - WebPG inclusion - Key Management menu - File Encryption/Decryption - Web Form encryption/descryption and then on each of them (tickets) discuss about: - Security consideration/sandboxing to be done - Functional specifications (how it should behave properly) Even making a summary of this thread would allow to summarize most of the feeling, doubt and TODO that would be required? What do you think? -naif _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
