Re: security of a client-side JS API?

Hi Mountie,

> I think End-to-End encryption is easily implementable with current webcrypto
> API spec.

My feeling is that truly private, end-to-end encryption using the
WebCrypto API (or indeed any JS crypto library) is only possible if
implemented in an open-source browser extension, such as Cryptocat. As
far as I can tell, it is not possible in a web app using the WebCrypto

> standardization for E2E is diffucult issue.

Probably, but some reasonably simple standards should be possible. For
example, encrypting/decrypting text and encrypting/decrypting files
look like two relatively simple and fairly general use cases.

Best regards,

Received on Thursday, 1 November 2012 16:05:30 UTC