[kwlug-disc] Secure IM news

Hubert Chathi hubert at uhoreg.ca
Wed Nov 23 17:00:17 EST 2016


On Wed, 23 Nov 2016 16:28:32 -0500, Nick Guenther <nguenthe at uwaterloo.ca> said:

> On November 23, 2016 at 11:31:27 EST, "locklin.jason at gmail.com"
> <locklin.jason at gmail.com> wrote:

>> the ability to do e2e encrypted group IM.
>> https://medium.com/@RiotChat/exciting-new-riot-release-get-ready-for-chatting-securely-acc93ecfe0a

> I am suspicious here; encrypted group chat is really hard. Does the
> server hand out keys when new people join?

AFAIK, other participants send out keys when someone joins.  Obviously,
the server can't hand out keys because the server doesn't have any
keys.

> They say users can blacklist each other, but blacklists are weak: just
> come back under a different key. And it's claiming end-to-end
> encryption, but for the same reason the server could generate fake
> users at will. If they have or add a whitelist mode, every new user
> would have to be approved by every other new user; maybe users could
> delegate their trust to an OP deciding on who to whitelist, though.

Their end-to-end encryption is in beta.  It currently operates in a
blacklist mode, but there are plans for a whitelist mode as well.
They've been focusing mostly on the technical aspect of end-to-end
encryption, and will be giving some attention to the UX side now that
it's in beta.

> It's a step up from before, but I am wary of overselling its security
> and getting people snagged.




