I was reviewing the chat service protocol as described here: https://retroshareteam.wordpress.com/2013/08/08/distant-chat-and-messaging-using-generic-tunnels/
Advertising
I found the following description a bit worrisome: Messaging and chat however need confidentiality. Therefore messages are end-to-end encrypted. This is made possible by two different mechanisms: distant chat uses a pre-shared symmetric AES key, that is known only from the two chatting peers. Distant messages are encrypted using the PGP public key of the destination and possibly signed by the source. It seems that RS's chat protocol doesn't PFS or reputability. See the paper on OTR for details of what this entails: https://otr.cypherpunks.ca/otr-wpes.pdf Is this correct? I'd appreciate any clarification! Thanks! :) Neal ------------------------------------------------------------------------------ Is your legacy SCM system holding you back? Join Perforce May 7 to find out: • 3 signs your SCM is hindering your productivity • Requirements for releasing software faster • Expert tips and advice for migrating your SCM now http://p.sf.net/sfu/perforce _______________________________________________ Retroshare-devel mailing list Retroshare-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/retroshare-devel
