Hacker News new | ask | show | jobs
by mschuster91 4664 days ago
This can protect against malicious browser extensions recording POST/GET-transmitted data (toolbars!!!), as the content will be encrypted at that stage.

Furthermore, this helps against content disclosure if the server is compromised.
1 comments
fooyc 4664 days ago
If your browser is untrusted, you are doomed.

> Furthermore, this helps against content disclosure if the server is compromised.

If the server is compromised, openpgp.js is compromised too.

link
willvarfar 4664 days ago
Presuming the private key for the messages is not on the server, then old messages will not be compromised.

A kind of perfect secrecy for messages.

link
fooyc 4664 days ago
No need to do this on the client side then (that was my point)
link
willvarfar 4664 days ago
You could do the exact same thing on the server, but that's using server's CPU instead of clients?
link
manojlds 4664 days ago
Forward secrecy with https? https://community.qualys.com/blogs/securitylabs/2013/08/05/c...
link
willvarfar 4664 days ago
yeah its often called perfect forward secrecy - PFS - too.

http://en.wikipedia.org/wiki/Perfect_forward_secrecy

link