Feature Request - A common client interface for PGP, built into the browser
Check out this paper from 1995, pay attention to the broader concept, not the 23 year old implementation suggestions. https://www.w3.org/Conferences/WWW4/Papers2/245.html
Here's a reddit post I've made about this concept: https://www.reddit.com/r/compsci/comments/a019qi/ccibased_web_security_a_design_using_pgp_1995_23/
and here's the video that reignited this idea that I've had in my head for years: https://www.youtube.com/watch?v=DM1tPmxGY7Y
First, let me start out with an example about how a browser handles content. An input slider has a child element that is inaccessible from the DOM (the part that you drag). The content inside it is simply inaccessible from served javascript.
If there were a new element created to relay encrypted data, the browser could decrypt them in a secure fashion. This could be used for anything from cryptocurrency in the web to messaging, really any communication of data. What it would do is remove trust from the service providing the encrypted data to decrypt it safely, and rather than having the poor ux experience of using the GPG command line, keychains could be stored with the browser. If this were a standard, it would make services like protonmail look like they're run by the NSA
For inexperienced users who would resort to web-based javascript pgp decryption, it would improve security ethic by promoting an easier, safer way
My initial thought was something like a closed shadow dom created by a browser extension, and though it may be possible to make decrypted text unreadable by XSS/attacker js in this way, it's not necessarily recommended, as for example the function that creates the closed shadow dom element could potentially be overridden by an attacker. This is why I think it should be built into the browser. Something like Mozilla, TOR, or the w3c would be a good starting point for a project like this.
https://blog.revillweb.com/open-vs-closed-shadow-dom-9f3d7427d1af https://developers.google.com/web/fundamentals/web-components/shadowdom#closed
Diubah
All Replies (2)
Unfortunately this forum is for End User support or find a way to email them your request.
Hi,
The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.
If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. Your feedback gets collected by a team of people who read it and gather data about the most common issues.