This is an example where a short answer is better than a long answer. There is so much detail provided by the CEO in his explanation, that it is very difficult to understand the outline of the protocol and structure of the system. Security does not derive from complexity, but rather a careful analysis of the potential attacks and their difficulty.<p>So, rather than allay fears about his service, I'm left feeling more skeptical about their claims.<p>I would love hear from people more versed in cryptographic key exchange protocols as to the basis for their claims.<p><i>And, seriously, a Michael Scott protocol?</i>
I think the crypto behind this is valid; weaknesses would be in implementation or in bypassing it.<p>There isn't anything inherently browser based about this.<p>I'm not a huge fan of browser based security (I know just enough appsec to be terrified).<p>If they had an API, it would be fun to do a secure mobile client for it (I trust iOS security way more than PC browsers..). There is less point when you have a client (just as easy to build some kind of key server with locally stored keys), but being able to send messages to future users is a nice trick.)<p>It looks like an interesting use of HSMs. I'm curious if they do real crypto in the HSM or just use it to protect a bootable VM. If it is just a VM, there are a lot more attacks possible.
All these acronyms for a browser-based service? Even if you trust this company to have good intentions, it seems that the weakest link by far is the possibility of an XSS, a malicious extension, or a CA compromise. And of course the whole thing depends in multiple ways (verifying your identity, logging in if you clear localStorage, etc.) on the security of your inbox. Their crypto and protocol might be fine, but they should be more forthcoming about the many pieces of software that you are trusting when you use their service. I skimmed their whitepaper but didn't see any mention of the ways that they or someone else could in fact see your data.