> > *Perhaps work in this space should focus on security against a passive
> adversary first, which can be done with ~0 changes to the UI (examples
> include Apple iMessage and BBM Protected). In practice, this covers 90-99%
> of threat models depending on who you ask. Others in the room were
> uncomfortable both philosophically and practically (post-Snowden) with
> accepting the ability for a central party to perform MITM attacks. The room
> generally agreed it is a worthwhile goal for the EFF and others to push
> large providers not providing any E2E encryption to do so, even with
> centralized public key servers to start with.
>
This is a very interesting topic! Has there been discussion on this before that I can read? 0 UI/behavior changes for users seems like a very valuable advantage for this approach and worth the trade-off of only being able to stop a passive adversary.

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
