It's great to see them making the effort, but why not notify the OpenPGP.js with the outcome of a security evaluation? (I'm not aware of any other active javascript openpgp implementation, so I assume that's what you're referring to.) I've been following OpenPGP.js for a while and I've not seen anything from Google.
OpenPGP.js is not an amazing code base, I know this for sure. Perhaps a rewrite was the only way to salvage it.
I wonder why they didn't release the library independent from a browser extension. A brief look at the directory structure makes it seem that it wouldn't be too hard to decouple the OpenPGP implementation from the extension.
In any case, this is a big win for privacy. Reinventing the wheel or not.
OpenPGP.js is not an amazing code base, I know this for sure. Perhaps a rewrite was the only way to salvage it.
I wonder why they didn't release the library independent from a browser extension. A brief look at the directory structure makes it seem that it wouldn't be too hard to decouple the OpenPGP implementation from the extension.
In any case, this is a big win for privacy. Reinventing the wheel or not.