undefined | Better HN

0 pointsfooyc12y ago0 comments

If your browser is untrusted, you are doomed.

> Furthermore, this helps against content disclosure if the server is compromised.

If the server is compromised, openpgp.js is compromised too.

0 comments

Presuming the private key for the messages is not on the server, then old messages will not be compromised.

A kind of perfect secrecy for messages.

fooycOP12y ago

No need to do this on the client side then (that was my point)

You could do the exact same thing on the server, but that's using server's CPU instead of clients?

yeah its often called perfect forward secrecy - PFS - too.

j / k navigate · click thread line to collapse