I was reviewing the chat service protocol as described here:


I found the following description a bit worrisome:

  Messaging and chat however need confidentiality. Therefore messages
  are end-to-end encrypted. This is made possible by two different
  mechanisms: distant chat uses a pre-shared symmetric AES key, that
  is known only from the two chatting peers. Distant messages are
  encrypted using the PGP public key of the destination and possibly
  signed by the source.

It seems that RS's chat protocol doesn't PFS or reputability.  See the
paper on OTR for details of what this entails:


Is this correct?  I'd appreciate any clarification!


:) Neal

Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
Retroshare-devel mailing list

Reply via email to