Hello, On Mon, 02 May 2016, George Kadianakis <[email protected]> wrote: > I'd like to present you a first version of Viola: a secure multiparty > messaging > system. It has been a side-project for the past month, and I'm glad to finally > push it out to the world :)
The idea looks interesting. I like that Viola aims on a secure yet practical multiparty "off-the-record" system, something that is apparently missing from the current privacy-enabling solutions. > On the protocol side, if you take a minute and understand the viola spec, you > will realize that it's actually a quite simple protocol with great potential > for improvements in every step. If you have a viola improvement in mind, I > invite you to hack the spec and the code, and actually implement and test the > improvement yourself. If you find a great improvement that works, please let > me > know! My main concern has to do with the long-term keys that appear to be necessary for the authenticated key exchange. If I understood correctly, the secure way to exchange these keys is through out-of-band means (OTR / AFK) and this looks against the property of practicality. This is of course an issue with all group messaging protocols. Since Viola introduces the concept of the "room captain", maybe it makes sense to make her responsible for authenticating the other peers for the very first time using OTR-like ways (question and answer, shared secret or manual fingerprint verification). After successful mutual authentication, the key exchange process may happen. Note though that this will expand the threat model; room captain should be an honest user and if she leaves another peer should take her place. > Have fun playing with Viola and please provide feedback!!! Hopefully more people will join this conversation. Cheers, George Chatzisofroniou _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
