undefined | Better HN

0 pointsread12y ago0 comments

tptacek, can you suggest a design for end-to-end email encryption delivered through a browser?

As theboss mentioned [1], is:

(a) browser crypto theoretically impossible, is it

(b) that something's practically from browsers today (like build-in crypto code) for a practical solution, or is it

If I understood you correctly, you alluded verification might be possible [2] but it seems there isn't yet a clear description or understanding of what's possible and what's not.

[1] https://news.ycombinator.com/item?id=7757892

[2] https://news.ycombinator.com/item?id=7757678

0 comments

2 comments · 1 top-level

tptacek12y ago· 1 in thread

Verification isn't possible in modern browsers. This is an inherently hard problem, one that has caused some people who've launched carefully-designed encrypted mail systems to abandon the effort.

readOP12y ago

Am I understanding you correctly that verification IS possible in browsers, just not the existing modern ones (e.g. because of limitations in the existing modern ones) and that browser crypto is possible?

(I recognize it might inherently be a hard problem, but hard does not equal impossible. I also recognize there are benefits to a simpler solution that can outweigh the benefits of a harder solution.)

j / k navigate · click thread line to collapse