---------- Forwarded message ---------- From: Lee Azzarello <l...@guardianproject.info> Date: Sat, Sep 14, 2013 at 8:12 AM Subject: Re: [guardian-dev] Fwd: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies) To: Nathan of Guardian <nat...@guardianproject.info> Cc: guardian-dev <guardian-...@lists.mayfirst.org>
We have a federated telephony system and there is a draft to standardize ZRTP for key agreement in WebRTC. So that's going well. -lee On Sat, Sep 14, 2013 at 9:05 AM, Nathan of Guardian <nat...@guardianproject.info> wrote: > > > ________________________________ > From: "Fabio Pietrosanti (naif)" <li...@infosecurity.ch> > Sent: Sat Sep 14 06:03:19 EDT 2013 > To: liberationtech <liberationtech@lists.stanford.edu> > Subject: [liberationtech] The missing component: Mobile to Web > interoperability (in Internet Freedom Technologies) > > Hi all, > > i would like to notice that in those "internet freedom space" there's a > missing component in the communication security landscape, that's the > ability to interoperate between "Web" and "Mobile" for communication > security technologies. > > The user have only those two platform, a browser and a mobile phone with > downloadable apps. > Everything else requiring to install an application over a desktop computer > is IMHO destinated to be a total failure. > > So, if that's a valid assumption, we need focus on having "internet freedom > technologies" working on a web browser and as mobile phone apps, being > interoperable among them > > Everything else is IMHO a waste of time and money. > > Let me identify 3 major area where those kind of stuff should apply: > > Realtime Instant Messaging: > Web Browsers support, trough CryptoCat, realtime instant messaging with OTR > Mobile Client support, trough Gibberbot, ChatSecure, TextSecure realtime > instant messaging with OTR > > The GAP is: The technologies are not "interoperating by default" but they > could and should do it, by default. > > Voice: > Web Browsers now speak WebRTC with DTLS-SRTP encrypted communications. > Mobile Clients now speak ZRTP for encrypted communications. > > The GAP is: We need Mobile Clients that interoperate with Web Browsers > trough WebRTC, within a federated telephony system. > > Asyncronous Instant Messaging: > That's a major issue, because there's no easy end-to-end encryption standard > handling asyncronous messaging with PFS (SMS-like experience), and each > vendor is going with it's own custom implementation. > RedPhone used it's own approach: > https://whispersystems.org/blog/asynchronous-security/ > Silentcircle used it's own approach: > https://business.silentcircle.com/scimp-protocol/ > > There's not event an interoperable and standard way to do secure Asyncronous > instant messaging (SMS or skype like experience), with end to end encryption > and forward secrecy. > > The only "standard" alternative is to use email with OpenPGP, but without > any kind of "forward secrecy" > > The GAP is: We need to first research and agree on an IETF standard for that > technology, then have it implemented over Mobile phones and Web Browsers. > > > I hope this short analysis would trigger a discussion and/or a brainstorming > by our ecosystem player on which could be some priority to work on, looking > for a challenging interoperability between a Web Browsers and Mobile phones. > > -- > Fabio Pietrosanti (naif) > HERMES - Center for Transparency and Digital Human Rights > http://logioshermes.org - http://globaleaks.org - http://tor2web.org > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu. > > > _______________________________________________ > Guardian-dev mailing list > > Post: guardian-...@lists.mayfirst.org > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: guardian-dev-unsubscr...@lists.mayfirst.org > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info > > You are subscribed as: l...@guardianproject.info > _______________________________________________ Guardian-dev mailing list Post: guardian-...@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: guardian-dev-unsubscr...@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/ycompanys%40gmail.com You are subscribed as: ycompa...@gmail.com -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.