Become a fan of Slashdot on Facebook


Forgot your password?

Comment Re:It's not a working draft... (Score 2) 63

I have built a working extension that provides 'window.mozCrypto', which does SHA2 hash, RSA keygen, public key crypto and RSA signature/verification, see: and source: I plan on updating the extension once the Draft is more settled (after a first round of commentary & iteration)

Comment Re:Secure JavaScript crypto environment? (Score 1) 63

CSP will be a huge help in reducing attack vectors. Another thing is the key material being unavailable in the DOM. Current JS libraries do not have the option of making all key references opaque and truly hiding the private and secret key material from the DOM. This spec allows the browser to only ever reference key IDs instead of the actual key material.

Comment Re:obvious question (Score 2) 63

You will create keypairs and exchange public keys via a web app. Via the API, you will be able to create digital signatures to help with user verification. This API is not being promoted as a silver bullet for security and privacy, however, when used in conjunction with other browser features like CSP ( ) - and I imagine new browser features we still need to figure out (perhaps secure input and reading widgets), we hope to enable more secure web applications. I want to underscore that this API is just the first piece of the pie. Taming and being able to trust the DOM is not going to be easy.

Submission + - Trans Pacific Partnership Threatens Freedom Online

pafein writes: "Hot on the heels of the SOPA blackout and ACTA protests in Europe comes reports about a new threat to online freedom, the Trans Pacific Partnership Agreement or TPP. A trade agreement covering a dozen Asian, North & South American countries, TPP is being negotiated this week in a Hollywood hotel. It contains many of the most troubling provisions of other online anti-piracy bills: prohibitions on circumventing digital locks, three strikes rules, domain seizures, criminal penalties for peer-to-peer filesharing, as well as new ones, including treating temporary copies as copyright infringement, a proposal experts called 'crazy'. Offline, worries have been raised that TPP threatens access to generic drugs in developing countries and enables corporations to sue governments over health, environmental and other laws.

The treaty is characterized by a lack of transparency: the proposed text is only known by leaks while documents from negotiations would be secret for four years after adoption. The dates and locations of negotations themselves are secret: NGOs who tried to hold an event in the hotel were thrown out by the US Trade Representative; meanwhile, negotiators went on an MPAA sponsored tour of a movie studio. TPP has already attracted the attention of L.A.'s Occupy movement; concerned Netizens are encouraged to contact the USTR and their senator."

Slashdot Top Deals

Unix soit qui mal y pense [Unix to him who evil thinks?]