[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]



Quoting Yuri (2015-05-21 21:03:24)
> On 05/21/2015 00:41, grarpamp wrote:
> > This eliminates the fact that all these new centralised OpenPGP
> > webmail providers will have access to your keys/cleartext, because
> > either:
> > A) it resides there
> > B) the malware they give you to run in your browser gives it away.
> 
> On one hand, Mailpile is after security, which is great. But on the 
> other hand they use node which doesn't sign packages, therefore being 
> vulnerable to MITM attacks. I think, node js is either fundamentally 
> opposed to signing, or wants to bundle it with their commercial version, 
> or something like that. With this trade-off (convenience of node vs 
> security), Mailpile certainly doesn't look like as secure as such system 
> could be.
> 
> Node js also has the insecure command that downloads code direct from 
> github. So if some github project gets hijacked or bought out, guess 
> what will happen?

I find really funny when people rant about things without even looking on what 
they are talking about.

Mailpile does not use node, it's written in python and all the javascript of it 
is for the browser. Up to now mailpile is in a beta status and is too soon to 
value if their distribution methods are trustworthy.

-- 
Ruben Pollan  | http://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: http://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.

Attachment: signature.asc
Description: signature

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk