[liberationtech] About "Confide"

Jonathan Wilkes jancsika at yahoo.com
Sun Apr 27 09:39:37 PDT 2014


Astronomy, astrology-- at this point I am pretty much universally disgusted by anything publishing conclusions without clear data to back it up.

Neither is perfect at describing the universe, so there's plenty of blame to go around.  We should try to focus less on ideology and more on improving the world as if we lived in a vacuum.

-Jonathan

On Sunday, April 27, 2014 8:19 AM, Tom Ritter <tom at ritter.vg> wrote:
 
On 26 April 2014 17:18, Shava Nerad <shava23 at gmail.com> wrote:
> Anyone who is lauding the verifiability of open source security software had
> best show that their code has been regularly and thoroughly audited.


Open source, closed source - at this point I am pretty much
universally disgusted by any project that uses the term 'end to end
encryption' without bothering to answer the UNIVERSAL, OBVIOUS
question of "How do I know I'm talking end-to-end to the right
person?", "How is authenticity established?", "Can you replace my
friend's keys?", however you want to phrase it.

You can only get authenticity through:
- Pre-Shared Secret shared confidentially*
- Fingerprints/Keys previously exchanged authenticated-but-not-confidentially
- 'Trusted' Third Party

If a mobile app claims end to end encryption, but doesn't do something
like display fingerprints, require QR codes scanned in person, or ask
a 'secret question' of you or your friend - they use Trusted Third
Party and thus are no more 'end to end encrypted' than Apple iMessage.

-tom

* There are a few variants of this, like recognizing your party's
voice (ZRTP), SMP question/answer (OTR), prior key material (also
ZRTP), etc
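
Added example, not part of the original thread: a sketch of the fingerprint check described above, showing how a client that compares a fingerprint obtained out of band notices a key replaced by the key server, while a client with nothing to compare against does not. The `KeyDirectory` class, the function names and the random byte strings standing in for public keys are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key bytes, in 4-character groups for display or reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def fingerprints_match(a: str, b: str) -> bool:
    """Compare two displayed fingerprints, ignoring spacing and letter case."""
    norm = lambda fp: "".join(fp.split()).upper().encode()
    return hmac.compare_digest(norm(a), norm(b))


class KeyDirectory:
    """Hypothetical key server: the 'trusted' third party that hands out keys."""

    def __init__(self):
        self._keys = {}

    def publish(self, user: str, public_key: bytes) -> None:
        self._keys[user] = public_key  # whoever runs the server can call this too

    def lookup(self, user: str) -> bytes:
        return self._keys[user]


def check_key(directory: KeyDirectory, user: str, out_of_band_fp=None) -> str:
    """Classify the key the directory serves for `user`."""
    served = directory.lookup(user)
    if out_of_band_fp is None:
        return "unverified"  # nothing to compare against: the client trusts the server
    return "verified" if fingerprints_match(fingerprint(served), out_of_band_fp) else "mismatch"


def demo():
    directory = KeyDirectory()
    friend_key = os.urandom(32)  # constructed stand-in for a real public key
    directory.publish("friend", friend_key)
    in_person_fp = fingerprint(friend_key).lower()  # e.g. read off the friend's screen
    before = check_key(directory, "friend", in_person_fp)
    directory.publish("friend", os.urandom(32))  # key replaced on the server side
    after = check_key(directory, "friend", in_person_fp)
    no_check = check_key(directory, "friend")  # app that never shows fingerprints
    return before, after, no_check


if __name__ == "__main__":
    print(demo())
```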