Hi! BTW. Even Tor has centralized directory servers. And it does not really matter if the code there is open source or not, because you anyway cannot know if they are really running some particular code there or not.
Mitar On Thu, Jul 11, 2013 at 12:17 PM, Mitar <[email protected]> wrote: > Hi! > > On Thu, Jul 11, 2013 at 6:25 AM, Albert López <[email protected]> > wrote: >> Ok, I understand what you mean. But why rely in a client-server approach >> when you can achieve your goal with a peer to peer solution? > > Their answer is: > > "The way to make the system secure is that we can control the > infrastructure. Distributing to other servers makes it impossible to > give any guarantees about the security. We’ll have audits from trusted > third parties on our platforms regularily, in cooperation with our > community." > > Which is a bit hand-wavy if we assumed that server code can be closed > source if client part is done well enough that you don't have to think > about the server side and you still know that you are secure. :-) > > But my main and almost only argument was, that I think we should wait > for a bit more concrete information before discarding the idea. At > least I can imagine plausible ways to implement the system securely > and having it known security properties while retaining part of it > closed source and centralized. But we don't know much to make any real > claims. What is interesting though, is that: > > "We are building Heml.is on top of proven technologies, such as XMPP with > PGP." > > > Mitar > > -- > http://mitar.tnode.com/ > https://twitter.com/mitar_m -- http://mitar.tnode.com/ https://twitter.com/mitar_m -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
