科技回声

7 条评论

Given that they've already decided to include support in Chrome itself for accessing USB hardware security tokens for U2F, I see no reason why they couldn't do the same with End to End + OpenPGPCards like the Yubikey NEO, which happens to also be a U2F device.It would provide a solution to some of the issues they document on their own Wiki regarding secret keys being stolen by an attacker through another Chrome extension, another application on the system, etc.EDIT: YES! I missed this part[1] in the Wiki earlier:"Additionally, we plan to add remote private key support in the future. When support for that is ready, high-risk users could protect their secret keys (stored, e.g., in a hardware USB device) from compromise even when an adversary introduces a backdoor in the source code."[1] <a href="https://github.com/google/end-to-end/wiki/Threat-model#backdoor-in-end-to-end-source-code" rel="nofollow">https://github.com/google/end-to-end/wiki/Threat-model#backd...</a>

jMyles超过 10 年前

I mean, this seems just straight amazing, right? Am I missing something?Obviously Google is pivoting on a number of fronts; if this enjoys wide adoption (unlikely as that may seem at the moment), they'll have to basically retreat from email content analytics, right?

评论 #8759683 未加载

评论 #8760353 未加载

评论 #8764714 未加载

评论 #8769835 未加载

评论 #8761244 未加载

jmnicolas超过 10 年前

> We’re migrating End-To-End to GitHubA bit off-topic but it seems to me that Github is fast becoming a "too big to fail" actor.

评论 #8762211 未加载

driverdan超过 10 年前

Can anyone who has been using End to End provide some feedback and additional info about it? The docs (and blog posts) don't really say much other than it encrypts text.

Fastidious超过 10 年前

How could a regular user start using this (unless it is not ready at all for the "fearless ones")?

sft超过 10 年前

I wish they would stop calling it End-to-End, it's misleading, they don't talk about DNS at all. One weak link in the chain means the entire chain is weak.

评论 #8760375 未加载

higherpurpose超过 10 年前

I hope they don't work too hard to making it compatible with PGP (and probably shouldn't at all). Just through Gmail and Yahoo alone adopting it, the end-to-end encrypted e-mail user base could increase by 100x. So it makes little sense to make it backwards compatible, especially if that creates potential security issues.

评论 #8759992 未加载

7 条评论

mrsteveman1超过 10 年前

jMyles超过 10 年前

评论 #8759683 未加载

评论 #8760353 未加载

评论 #8764714 未加载

评论 #8769835 未加载

评论 #8761244 未加载

jmnicolas超过 10 年前

> We’re migrating End-To-End to GitHubA bit off-topic but it seems to me that Github is fast becoming a "too big to fail" actor.

评论 #8762211 未加载

driverdan超过 10 年前

Can anyone who has been using End to End provide some feedback and additional info about it? The docs (and blog posts) don't really say much other than it encrypts text.

Fastidious超过 10 年前

How could a regular user start using this (unless it is not ready at all for the "fearless ones")?

sft超过 10 年前

I wish they would stop calling it End-to-End, it's misleading, they don't talk about DNS at all. One weak link in the chain means the entire chain is weak.

评论 #8760375 未加载

higherpurpose超过 10 年前

评论 #8759992 未加载

An Update to End-To-End

7 条评论

An Update to End-To-End

7 条评论