Well, the shared AES key for distant chat is a totally random key that is valid 
for a specific
triplet (chat invitation, source, destination). That is precisely what PFS 
achieves as well.

PFS needs to do it in a way that is safe to man in the middle attacks. That is 
why EDH in Retroshare
for instance uses authenticated diffye Helmann.

When you think about it, the two (SSL+EDH and RS distant chat) are very 
similar, but with a
different time frame. Of course, if you keep using the same chat invite for a 
long time, it is
similar to not renewing a PFS key during a long session. Not more.

What is the problem you are suspecting exactly?

On 05/11/2014 09:08 PM, Neal H. Walfield wrote:
> I was reviewing the chat service protocol as described here:
>
>   
> https://retroshareteam.wordpress.com/2013/08/08/distant-chat-and-messaging-using-generic-tunnels/
>
> I found the following description a bit worrisome:
>
>   Messaging and chat however need confidentiality. Therefore messages
>   are end-to-end encrypted. This is made possible by two different
>   mechanisms: distant chat uses a pre-shared symmetric AES key, that
>   is known only from the two chatting peers. Distant messages are
>   encrypted using the PGP public key of the destination and possibly
>   signed by the source.
>
> It seems that RS's chat protocol doesn't PFS or reputability.  See the
> paper on OTR for details of what this entails:
>
>   https://otr.cypherpunks.ca/otr-wpes.pdf
>
> Is this correct?  I'd appreciate any clarification!
>
> Thanks!
>
> :) Neal
>
>
> ------------------------------------------------------------------------------
> Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
> • 3 signs your SCM is hindering your productivity
> • Requirements for releasing software faster
> • Expert tips and advice for migrating your SCM now
> http://p.sf.net/sfu/perforce
> _______________________________________________
> Retroshare-devel mailing list
> Retroshare-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/retroshare-devel

------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
Retroshare-devel mailing list
Retroshare-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/retroshare-devel

Reply via email to