---------- Forwarded message ---------- From: Lee Azzarello <[email protected]> Date: Sat, Sep 14, 2013 at 8:12 AM Subject: Re: [guardian-dev] Fwd: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies) To: Nathan of Guardian <[email protected]> Cc: guardian-dev <[email protected]>
We have a federated telephony system and there is a draft to standardize ZRTP for key agreement in WebRTC. So that's going well. -lee On Sat, Sep 14, 2013 at 9:05 AM, Nathan of Guardian <[email protected]> wrote: > > > ________________________________ > From: "Fabio Pietrosanti (naif)" <[email protected]> > Sent: Sat Sep 14 06:03:19 EDT 2013 > To: liberationtech <[email protected]> > Subject: [liberationtech] The missing component: Mobile to Web > interoperability (in Internet Freedom Technologies) > > Hi all, > > i would like to notice that in those "internet freedom space" there's a > missing component in the communication security landscape, that's the > ability to interoperate between "Web" and "Mobile" for communication > security technologies. > > The user have only those two platform, a browser and a mobile phone with > downloadable apps. > Everything else requiring to install an application over a desktop computer > is IMHO destinated to be a total failure. > > So, if that's a valid assumption, we need focus on having "internet freedom > technologies" working on a web browser and as mobile phone apps, being > interoperable among them > > Everything else is IMHO a waste of time and money. > > Let me identify 3 major area where those kind of stuff should apply: > > Realtime Instant Messaging: > Web Browsers support, trough CryptoCat, realtime instant messaging with OTR > Mobile Client support, trough Gibberbot, ChatSecure, TextSecure realtime > instant messaging with OTR > > The GAP is: The technologies are not "interoperating by default" but they > could and should do it, by default. > > Voice: > Web Browsers now speak WebRTC with DTLS-SRTP encrypted communications. > Mobile Clients now speak ZRTP for encrypted communications. > > The GAP is: We need Mobile Clients that interoperate with Web Browsers > trough WebRTC, within a federated telephony system. > > Asyncronous Instant Messaging: > That's a major issue, because there's no easy end-to-end encryption standard > handling asyncronous messaging with PFS (SMS-like experience), and each > vendor is going with it's own custom implementation. > RedPhone used it's own approach: > https://whispersystems.org/blog/asynchronous-security/ > Silentcircle used it's own approach: > https://business.silentcircle.com/scimp-protocol/ > > There's not event an interoperable and standard way to do secure Asyncronous > instant messaging (SMS or skype like experience), with end to end encryption > and forward secrecy. > > The only "standard" alternative is to use email with OpenPGP, but without > any kind of "forward secrecy" > > The GAP is: We need to first research and agree on an IETF standard for that > technology, then have it implemented over Mobile phones and Web Browsers. > > > I hope this short analysis would trigger a discussion and/or a brainstorming > by our ecosystem player on which could be some priority to work on, looking > for a challenging interoperability between a Web Browsers and Mobile phones. > > -- > Fabio Pietrosanti (naif) > HERMES - Center for Transparency and Digital Human Rights > http://logioshermes.org - http://globaleaks.org - http://tor2web.org > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > [email protected]. > > > _______________________________________________ > Guardian-dev mailing list > > Post: [email protected] > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: [email protected] > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info > > You are subscribed as: [email protected] > _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/ycompanys%40gmail.com You are subscribed as: [email protected] -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
