| > I don't understand the question. Let me break that down for you: 1) formulate an argument for a setting in which content-controlled browser Javascript is a sensible place to deploy cryptography. 1.a) Give yourself the full benefit of every facility the web programming model gives you, up to the limit of installing browser extensions. 2) What's a system like (1) that has worked well, and would be resilient to a determined adversary? So, he's claiming to have shown that content-controlled browser javascript crypto is worse that useless because it allows good people to inadvertently leak secrets. All you have to do to prove him wrong is just tell him a use case where it would make sense and then cite an example where that worked well* and would be resilient to a determined* adversary. So, all you have to do is say "chatcrypt.com's use case makes sense and chatcrypt rocks. Here I show that it is unbreakable until long after the stars cool, and no amount of kneecap cryptography will lessen the adversery's burden." * He's giving you two wiggle words already, you can define them however you'd like. |