On Sun, Sep 25, 2016 at 1:47 AM, Hiltjo Posthuma <hil...@codemadness.org> wrote:
> On Sat, Sep 24, 2016 at 10:44:33PM -0700, Louis Santillan wrote:
>> Has anybody considered seif [0][1]?
>>
>> I disagree with the choice of nodejs & Qt, and the idea of capturing
>> entropy from microphone and camera is interesting but gameable. I
>> think the overall concept is viable.
>>
>> [0] (Repo) http://www.seif.place
>> [1] (Talk) https://www.oreilly.com/ideas/the-seif-project
>>
>
> Can you give (brief) background information on what the project does?

Sorry, not brief. The talks, the code [0][1] and the lone protocol document [2] say it best.

A little like the HTTPSSH [3] Sylvain was describing but prescriptive as to the technology stack. Instead of HTTP or HTTPS (which is HTTP+TLS these days), replace the negotiation of the HTTP protocol with a PKI-style 2-packet handshake over TCP that is in the form of JSON messages. All future (also encrypted JSON message) commands & responses are then processed using nodejs client/servers. Instead of using markup + stylesheets (or SVG or VRML or XForm or etc or W3C crap standard) as the presentation layer, specify & utilize Qt. Lastly, to support eventual replacement of the web (instead of wholesale replacement), create & support an open browser plugin so that seif clients/servers can be <EMBED>ed & utilized in the current set of web infrastructure. A new browser/client/mobile app is also supportable if a large infrastructure player (like a bank {PayPal} or healthcare provider or etc) can provide value through it.

The specification is so far very high level and client/server examples are relatively new. I would have leaned towards extending a gopher protocol like solution.

What I like:
* Use of the PKI-style handshake for secure communication without CA infrastructure
* Non-use of HTML/CSS
* The use of JSON as command response language (almost anything is an improvement over HTTP though)
* Use of an actual GUI command set

What I dislike:
* The specification of nodejs
* The specification of Qt (I would have been ok even with a new GUI lib but understand that this is a compromise of what's available)
* The invasive & prescriptive use of hardware for entropy collection
* The lack of unencrypted fallback for human readable messages & debugging
* The lack of a document mode (or text mode) vs. application mode

[0] https://github.com/paypal/seifnode
[1] https://github.com/paypal/seif-protocol/blob/master/examples/
[2] https://raw.githubusercontent.com/paypal/seif-protocol/master/doc/seifhandshake.html
[3] http://lists.suckless.org/dev/1609/30541.html