Conversation:
Notices
-
rysiek (rysiek)'s status on Thursday, 27-Dec-2012 11:51:01 EST 
rysiek
Dear @CryptoParty, we should have a !StatusNet server for all our CryptoParty<location> accounts. Let's be available on the libre side! -
zoowar (zoowar)'s status on Thursday, 27-Dec-2012 12:19:38 EST 
zoowar
How ironic. "Encrypt all things", yet #statusnet doesn't support https. -
rysiek (rysiek)'s status on Thursday, 27-Dec-2012 13:09:00 EST
rysiek
@zoowar your help in setting up a nice HTTPS-supporting StatusNet instance for @CryptoParty would be invaluable. :) -
zoowar (zoowar)'s status on Thursday, 27-Dec-2012 13:16:37 EST
zoowar
You should be looking for user-agent to user-agent encryption. In this case the "social stack" would not matter. -
rysiek (rysiek)'s status on Thursday, 27-Dec-2012 13:19:12 EST
rysiek
@zoowar well, you can't really do that well in pure JS bit.ly/IUAT6c so until browser have a nice crypto API, not really doable. -
zoowar (zoowar)'s status on Thursday, 27-Dec-2012 13:30:44 EST
zoowar
It can be done. I've done it myself with http://ur1.ca/cb3u2 -
zoowar (zoowar)'s status on Thursday, 27-Dec-2012 13:37:52 EST
zoowar
The conclusions in the article are derivative of an assumption that ssl/tsl is "expensive and complicated". A fedweb mitigates this... -
rysiek (rysiek)'s status on Thursday, 27-Dec-2012 13:40:47 EST
rysiek
.@zoowar nope. the assumption is that JavaScript is a bad platform for crypto, because of a number of attacks possible. -
rysiek (rysiek)'s status on Thursday, 27-Dec-2012 13:41:39 EST
rysiek
@zoowar it's not that it's impossible to write a working JS crypto lib. it's impossible to write a safe one, and distribute it safely. -
rysiek (rysiek)'s status on Thursday, 27-Dec-2012 13:43:00 EST
rysiek
.@zoowar I would suggest reading the article more closely, esp. the "safe delivery chicken-and-egg problem" part.
-
All Hacker Poesy content and data are available under the