>And finally, if the private key really is generated on your service, we can just pack up and go home.
Yeah, thankfully that key is generated client-side (in the browser) when you register. Seems pretty end-to-end to me.
(And sure, you could always worry that the server will serve you malicious JS while you're registering to steal your client-side-generated key, but that would be pretty suicidal for any company, not a very realistic threat!)