> So far, as far as I can see, you're not even inflicting PGP on us
> here, let alone your friends.
I did for a while, but then I moved hardware and didn't see any reason
to set up PGP again. At best, it was a signal to people that I cared
about security/privacy, at worst it was making everything I posted
non-repudiable for no useful reason.
The fact that miniLock is authenticated but repudiable makes it a better
bet for PGP-usecase purposes *anyway*, and my minilock ID is in my
signature (again, had lapsed by accident) for people who want to use
miniLock outside of peerio.
But, miniLock isn't (opportunistic pun) "turn-key", it requires
launching, authenticating, dropping a file to encrypt, typing in a
miniLock ID to encrypt to (encrypting to yourself probably makes it
non-repudiable if someone acquires your private key, beware!),
downloading the encrypted file, and then transmitting the encrypted file
out-of-band.
Now, implementing Peerio server is something I endorse. If I weren't too
busy, I'd investigate doing it myself, it looks like fun. If anyone does
feel like it, they have miniLock for JS-based servers, and deadLock for
Python-based servers (needs some work/bugfixes).
On 15/01/15 16:44, rysiek wrote:
Dnia czwartek, 15 stycznia 2015 11:20:22 Cathal Garvey pisze:
If the server code were open, how would you know the server was actually
running that code anyway?
Not much. But it would allow others to run the server code and offer similar
service, at the very least.
Having the protocol documented so thoroughly makes the task of writing an
alternative server trivial if time-consuming. I'd obviously prefer the
server were AGPL, and I hope someone will write an AGPL'd server and
federation.
Of course. The "time-consuming" part is what bothers me. I *could* throw in an
hour or two to set-up a peerio server had the code been available; I have
absolutely *no way in hell* of throwing in days or weeks of work to implement
their protocol.
For now though, the client is open source, the crypto doesn't suck, the
UX is excellent, and the threat model is pretty transparent. I'm *never*
going to inflict PGP on friends, but I'll happily inflict this on them.
So far, as far as I can see, you're not even inflicting PGP on us here, let
alone your friends.
--
Twitter: @onetruecathal
Phone: +353876363185
miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
peerio.com: Use email or phone. Uses above miniLock key.
