On 5/11/18, Ola Bini <o...@olabini.se> wrote: > Yeah, I agree about all these points - we have internally discussed > both video and audio, and the many shortcomings with current > solutions. OTRv4 could be used for those kinds of solutions, just as > OTRv3 could (using the symmetric key, for example). But full solutions > would require a very different concept and project. Personally, the > authentication mechanisms used in ZRTP and SRTP are starting to feel > very scary, in the modern age of good enough voice faking etc.
Therefore I will use voice chat only when people insist on it and try to avoid discussing sensitive topics. Man this sucks. > I strongly disagree. No matter how skilled a developer is, a larger > library means more internal complexity, something that has been shown > increases the likelihood of bugs. I don't trust any developer, no > matter how skilled, to not make mistakes. =) It doesn't necessarily increase complexity as more often than not it's just a well-curated collection of primitives with a common abstraction on top. I still understand what you're saying and don't really disagree, but I don't consider trusting 5 independent projects an improvement over trusting just gcrypt, sodium and one of the OpenSSL branches. Either way this is a philosophical and highly speculative topic, no need in going on. I believe we've had different priorities and possibly different experiences with software quality and have therefore formed different preferences. Nothing unusual or surprising there. _______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
