[liberationtech] Heml.is - "The Beautiful & Secure Messenger"

[Mitar]

Hi!

On Thu, Jul 11, 2013 at 6:25 AM, Albert López <newbiesworld at hotmail.com> wrote:
> Ok, I understand what you mean. But why rely in a client-server approach
> when you can achieve your goal with a peer to peer solution?

Their answer is:

"The way to make the system secure is that we can control the
infrastructure. Distributing to other servers makes it impossible to
give any guarantees about the security. We’ll have audits from trusted
third parties on our platforms regularily, in cooperation with our
community."

Which is a bit hand-wavy if we assumed that server code can be closed
source if client part is done well enough that you don't have to think
about the server side and you still know that you are secure. :-)

But my main and almost only argument was, that I think we should wait
for a bit more concrete information before discarding the idea. At
least I can imagine plausible ways to implement the system securely
and having it known security properties while retaining part of it
closed source and centralized. But we don't know much to make any real
claims. What is interesting though, is that:

"We are building Heml.is on top of proven technologies, such as XMPP with PGP."


Mitar

-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m