[liberationtech] Broadcast Anonymous Routing
Randolph
rdohm321 at gmail.com
Tue Aug 19 11:02:34 PDT 2014
2014-08-19 19:26 GMT+02:00 Travis Biehn <tbiehn at gmail.com>:
> because XMPP supports federation along a mix of TLS and
> plaintext interconnects that OTR is therefore susceptible to a man in the
> middle attack. This is absolutely correct. XMPP routers may indeed be
> compromised.
>
> Key federation under the OTR scheme: in order to be confident that the
> endpoints are chatting to each other through a secure channel they must
> exchange key fingerprints out of band (then)
> both endpoints can be reasonably sure that they are communicating over
> a secure channel - regardless of the maliciousness of the XMPP routers that
> they are connecting through.
>
> The problem after key federation and the reason that these protocols (BAR,
> ECHO, A(daptive)ECHO, Clique etc) exist. They are trying to resolve the metadata
> aspect of communication. OTR protects message content but does not make any
> efforts at obscuring metadata
Dear Travis,
Both must be done, using strong multi-encryption and hiding in the
crowd. If XMPP would offer real end to end encryption and not only
point to point encryption, OTR would be more secure in the phase of an
initial certificate handshake of a man in the middle attack. Offline
Messaging and receiving authenticated (which means to block
non-authenticated messages) and renewing the encryption key per
session would be other security topics. The architecture is currently
an insecure mosaic, so it makes sense to focus on these new security
protocols and research them too.
Echocasting or Broadcasting or Flooding, whatever you call the echo
protocols, could be analysed with regard to bandwidth and further
scalability. Bandwidth could only be a real problem on a mobile, so I
wonder which of the new ideas are mobile ready. Sims.me/security
(mobile messenger by DHL Logistics) by the way has a similar
encryption architecture and sets a new standard for XMPP. But it is
not open source and graph theory is simple here; even for a round
table graph theory is quite trivial to explore:
http://en.wikipedia.org/wiki/Graph_theory
Regards Randolph