by remy_ 3636 days ago
Because if you serve the library responsible for the encryption from the server, an attacker can perform a man-in-the-middle attack and change that library. This will change when browsers start implementing the Web Crypto API. https://www.w3.org/TR/WebCryptoAPI/

The concern is less MITM and more a compromise of the server, but close enough. Check my parallel response to Omnipresent's comment.
Fair enough, whatever is the easiest for the attacker :). I'm checking Cyph and its "Trust On First Use" concept. Very interesting.
If you're dropping by defcon, you should catch the talk. There'll be very little focus on this mechanism specifically since we want to share a bunch of things people can actually freely use (and this isn't one of them), but you can catch Ryan afterwards and spark a conversation to find out more.