[Cryptography] Can Google's new "End to End" leak plaintext via the DOM? [was: Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail]

Brian M. Waters brian at brianmwaters.net
Thu Jun 12 17:06:45 EDT 2014


On Thu, 12 Jun 2014 21:36:15 +0100 (BST)
StealthMonger <StealthMonger at nym.mixmin.net> wrote:
> > I'd expect a crypto add-on to only accept plaintext (and other
> > sensitive) information via separate GUI that can only be launched
> > manually (not via javascript in an app's DOM) and has a
> > hard-to-imitate look-and-feel (to discourage phishing). The only
> > communication between this add-on and the rest of the browser
> > should be via the clipboard. Users who can't handle copy/paste
> > shouldn't be trusted with a key pair :)
> 
> A prominent new entry in OpenPGP encrypted webmail is Google's
> "end-to-end" [1,2].  Does it avoid this issue?  How?

In principle, the copy/paste "air gap" is not strictly necessary, since
the browser should be able to isolate such a widget from the DOM, by
implementing it as a first-class browser feature. (I picture a scenario
where the user types into the encryption widget, selects a text box on
a webpage, and clicks the "inject" button on the widget. The widget
then auto-types the ciphertext into the webpage.)

However, in reality, browser extensions are implemented in
HTML/CSS/JavaScript, just like web pages, and I am not sure how much
isolation they really get from the DOM. (It probably varies from one
browser vendor to another.) In the case of End-to-End, my understanding
is that the plugin authors have done some IFrame tricks to make the
user's plaintext inaccessible to any web application.

However, I have to wonder how complete that separation really is. When
I get time to play with End-to-End, that's one of the first places I'll
be looking at.

BW


-- 
Brian M. Waters
Burlington, Vermont, USA
+1 (908) 380-8214
brian at brianmwaters.net
https://brianmwaters.net/