Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Feature Request - A common client interface for PGP, built into the browser

  • 2 replies
  • 1 has this problem
  • 6 views
  • Last reply by FredMcD

more options

Check out this paper from 1995, pay attention to the broader concept, not the 23 year old implementation suggestions. https://www.w3.org/Conferences/WWW4/Papers2/245.html

Here's a reddit post I've made about this concept: https://www.reddit.com/r/compsci/comments/a019qi/ccibased_web_security_a_design_using_pgp_1995_23/

and here's the video that reignited this idea that I've had in my head for years: https://www.youtube.com/watch?v=DM1tPmxGY7Y


First, let me start out with an example about how a browser handles content. An input slider has a child element that is inaccessible from the DOM (the part that you drag). The content inside it is simply inaccessible from served javascript.

If there were a new element created to relay encrypted data, the browser could decrypt them in a secure fashion. This could be used for anything from cryptocurrency in the web to messaging, really any communication of data. What it would do is remove trust from the service providing the encrypted data to decrypt it safely, and rather than having the poor ux experience of using the GPG command line, keychains could be stored with the browser. If this were a standard, it would make services like protonmail look like they're run by the NSA

For inexperienced users who would resort to web-based javascript pgp decryption, it would improve security ethic by promoting an easier, safer way

My initial thought was something like a closed shadow dom created by a browser extension, and though it may be possible to make decrypted text unreadable by XSS/attacker js in this way, it's not necessarily recommended, as for example the function that creates the closed shadow dom element could potentially be overridden by an attacker. This is why I think it should be built into the browser. Something like Mozilla, TOR, or the w3c would be a good starting point for a project like this.

https://blog.revillweb.com/open-vs-closed-shadow-dom-9f3d7427d1af https://developers.google.com/web/fundamentals/web-components/shadowdom#closed

Check out this paper from 1995, pay attention to the broader concept, not the 23 year old implementation suggestions. https://www.w3.org/Conferences/WWW4/Papers2/245.html Here's a reddit post I've made about this concept: https://www.reddit.com/r/compsci/comments/a019qi/ccibased_web_security_a_design_using_pgp_1995_23/ and here's the video that reignited this idea that I've had in my head for years: https://www.youtube.com/watch?v=DM1tPmxGY7Y First, let me start out with an example about how a browser handles content. An input slider has a child element that is inaccessible from the DOM (the part that you drag). The content inside it is simply inaccessible from served javascript. If there were a new element created to relay encrypted data, the browser could decrypt them in a secure fashion. This could be used for anything from cryptocurrency in the web to messaging, really any communication of data. What it would do is remove trust from the service providing the encrypted data to decrypt it safely, and rather than having the poor ux experience of using the GPG command line, keychains could be stored with the browser. If this were a standard, it would make services like protonmail look like they're run by the NSA For inexperienced users who would resort to web-based javascript pgp decryption, it would improve security ethic by promoting an easier, safer way My initial thought was something like a closed shadow dom created by a browser extension, and though it may be possible to make decrypted text unreadable by XSS/attacker js in this way, it's not necessarily recommended, as for example the function that creates the closed shadow dom element could potentially be overridden by an attacker. This is why I think it should be built into the browser. Something like Mozilla, TOR, or the w3c would be a good starting point for a project like this. https://blog.revillweb.com/open-vs-closed-shadow-dom-9f3d7427d1af https://developers.google.com/web/fundamentals/web-components/shadowdom#closed

Modified by askalice

All Replies (2)

more options

Unfortunately this forum is for End User support or find a way to email them your request.

more options

Hi,

The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. Your feedback gets collected by a team of people who read it and gather data about the most common issues.