Hacker News | tanx's comments

I'm completely missing a discussion about federation. Sure TextSecure and iMessage solve UX in a great way. But what about business requirements that email/PGP does solve? More in our blog post here:

https://blog.whiteout.io/2015/02/25/pgp-theres-life-in-the-o...


I updated the post with more detailed threat modeling and SSH as a TOFU case study for UX. Thx for the feedback everyone!


Yes. It gossips with the following list of servers. Keys are uploaded and also fetched from these servers:

'https://pgp.mit.edu', 'http://pool.sks-keyservers.net', 'http://keys.gnupg.net', 'http://keyserver.ubuntu.com', 'http://pks.gpg.cz'


Great to hear! Thanks! Do you know if you are using the SKS keyserver gossip implementation or did you roll your own?


We're currently in the process of simplifying the key sync spec. The new version will store your private key encrypted with a strong random passphrase in IMAP. So it's similar to your dropbox proposal, but with a UX that leads users along the way.


Nice!


Hey Tankred from Whiteout here,

Felix and I will be at the event in April as well. So we can chat there.

We think keybase's concept is great and also look forward to what the E-2-E developers are coming up with for certificate transparency. Our only concern is that these concepts are not open and backwards compatible with current key server solutions. This would create an island... and we've been sitting on our own small island up until now with our closed key server solution.

Sure if Google and Yahoo launch their concept it might exceed any marketshare that HKP might have had. But unless there is an open standard where small guys like us can latch onto, it's going to be hard to get vendors on board.

- Tankred


I'm a contributor to OpenPGP.js. I understand your choice as the code was indeed in quite bad shape several months ago. I do want to point out though, that the code has gone through a big refactoring and cleanup since then: https://github.com/openpgpjs/openpgpjs/releases

We also fixed all critical, high and medium issues: https://github.com/openpgpjs/openpgpjs/wiki/Cure53-security-...

Having said that, a consistent rewrite using typed array and native web crypto apis under the hood does indeed sound very reasonable. I saw that native web crypto is not used throughout. What are your plans in regards to web crypto?

Also what is the predicted timeline for getting End-to-End into a production ready state? We would be quite interested in using it as a standalone library in our Chrome Packaged App: https://whiteout.io

Thanks


Thanks for the update on OpenPGP.js.

> What are your plans in regards to web crypto?

The plan is to use WebCrypto if it's available. We've moved RSA to WebCrypto, and the next targets are ECDH and ECDSA.

> Also what is the predicted timeline for getting End-to-End into a production ready state? We would be quite interested in using it as a standalone library in our Chrome Packaged App: https://whiteout.io

I can't tell you about our timeline for the extension. But if you just want to use the crypto library, you may want to wait for a couple of weeks, just to make sure no one discovers any serious vulnerabilities.

I like WhiteOut. It's a great product in the right direction. We really want and will support the usage of the library in products like yours.


Thanks for the reply. I'm wondering if you know if it's possible to use the AES-CFB mode from the Web Crypto APIs, since the OpenPGP CFB (resync) mode seems to have special requirements?

> I like WhiteOut. It's a great product in the right direction. We really want and will support the usage of the library in products like yours.

Thanks! Is there a guide somewhere that explains how to build the standalone lib?


> Thanks for the reply. I'm wondering if you know if it's possible to use the AES-CFB mode from the Web Crypto APIs, since the OpenPGP CFB (resync) mode seems to have special requirements?

I haven't looked into it.

> Thanks! Is there a guide somewhere that explains how to build the standalone lib?

No, there isn't. But can you file a bug with us? I'll make sure we have something for you.

PS: how can I contact you?


My email is [email protected]

