On 08/09/2013 21:51, Perry E. Metzger wrote:
> On Sun, 8 Sep 2013 14:50:07 -0400 Jerry Leichter <leich...@lrw.com>
> wrote:
>> Even for one-to-one discussions, these days, people want
>> transparent movement across their hardware.  If I'm in a chat
>> session on my laptop and leave the house, I'd like to be able to
>> continue on my phone.  How do I hand off the conversation - and the
>> keys?
> I wrote about this a couple of weeks ago, see:
> http://www.metzdowd.com/pipermail/cryptography/2013-August/016872.html

Which is pretty spot-on and one of my biggest gripes about OTR. It just
doesn't mesh at all with user's expectations.

> In summary, it would appear that the most viable solution is to make
> the end-to-end encryption endpoint a piece of hardware the user owns
> (say the oft mentioned $50 Raspberry Pi class machine on their home
> net) and let the user interact with it over an encrypted connection
> (say running a normal protocol like Jabber client to server
> protocol over TLS, or IMAP over TLS, or https: and a web client.)

Sounds like another Freedom Box...

Anyway, if we consider each device an end-point to a group-chat that has
to be verified at least once by another end-point (and that is a
somewhat doable thing, e.g. the socialist millionaire's problem), what
about having end-points being able to vouch for other end-points?

For example if I introduce my smartphone to an already existing instant
messaging chat, I can vouch for it through my PC and if other end-points
already trust my PC, there is no reason not to trust my smartphone either.

If this is a dumb idea, feel free to point it out.



The cryptography mailing list

Reply via email to