Web-apps in the browser can't be used for encryption because in that model the server is always trusted to send whatever code it wants. That defeats the point of end-to-end encryption. That's why Mailvelope is a browser add-on and webmail clients don't just embed openPGP.js. This way they can create releases of the crypto-code and distribute them over trustworthy channels.If Isolated Web Apps (IWAs) take off, it may become an option.
No comments yet.