OMG that too bad !
Lemmy that is federated and LOSS use github to track the bugs :/
Too bad I don't have an account. So anyone, feel free to report this bug.
Thanks.
If the computer of the Visitor is already compromised ! your simulation can stop there I think...
My scenario assume that the visitor computer is not compromised.
But let say his traffic get intercepted. Sure a hacker can send his PubKey (2)
but in (3) the visitor (should) have already the PubKey of one (or few) verification server. So it should not be possible for an hacker to interfer with the communication (3) right ?
The key ( it's hash ) is compared with at least two "verification" server , if they all return a positive match, the visitor can use the pub key to initiate.
The "verification servers" grab the public key directly from the Web server.
I say forced, because so far it's only that Prehistoric JS available for the front-end, HOPEFULLY there is some coming kick-ass technology to get rid of JS --> https://brython.info ❤️
Thank you @Vilian@lemmy.ca Seem great, I'll keep it for later :)
But not for what I need now, as
and it's a "full" client, I need just the SMTP functionality.