[liberationtech] Heml.is - "The Beautiful & Secure Messenger"
Mitar
mmitar at gmail.com
Thu Jul 11 05:03:18 PDT 2013
Hi!
On Thu, Jul 11, 2013 at 3:32 AM, danimoth <danimoth at cryptolab.net> wrote:
> If yes, ask yourself why *crypto design schemes and implementations are
> open and widely known, and only keys are secret.
As I wrote. You can have client code which does crypto open source,
but the server side does not need to be open source. In fact this is an
argument for my position about a central server: if crypto is done
properly on the client, it should not matter if the server is open
source or not - messages are still secure. And this is my whole
argument: that if the client is done properly, you don't have to think
about how the server is implemented for security.
>> centralized
>
> Another ideological argument? Do I need to cite wikipedia? Or "SPOF" is
> enough?
But you might have to think about availability, yes. But security of
message content, this is probably doable even with a central server.
As I wrote, the issue I am having is about meta-data - who is sending
to whom. This is problematic with a central server. Not the messages
themselves.
BTW, messages could also be sent directly and the central server could be
used just for signaling between clients. We really don't know anything
about the architecture at this point. What I am saying is that there are
also some valid schemes involving a central server, where the source code of
the central server does not have to be open source for you to be able to make
some claims about security properties of the system. Yes, it might be
better that it is open source, but it might not be required to be able
to know the security properties.
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m