> As an advanced user I also miss a kind of advanced stats/info screen and > en event log (see Orbot). I know I will probably find this info via > adb/logcat but from time to time I'd like to see some details even > without a PC.
Ok, I will check about showing the daemon log somewhere in the app. What kind of details/logs would you be interested to see ? > During your presentation I found no information about IPv6 > support although there was a lengthy part about NAT traversal > techniques. IPv6 isn't very popular yet but it is what brings end-to-end > Internet communication back to mere mortals. If Ring supports > communication over IPv6 then I'd like to see it in the "advanced stats" > (see above) and possibly choose (in "advanced settings") whether to > use/advertise IPv4/IPv6 addresses. Some IPv6 adresses are considerd > local and shouldn't be advertised anyway like RFC1918 in IPv4. On the > other hand some clients might choose to advertise them anyway. > User-configurable set of rules may be a solution here. PJNATH is essentially the last library we use missing IPv6 support. See https://trac.pjsip.org/repos/ticket/422 I agree that IPv6 support would be great, and on long term it would solve many NAT issues. > Are you sure SHA-1 is good enough? NIST recommends transition to SHA-2 > family of hash functions[2] and software developers follow this > recommendation, GnuPG being a notable example. We consider switching to a "better" hash function, however note that a MITM using this would be more complicated than a (not so simple) full pre-image attack, because of the constrains on the pre-image (that has to be a valid public key with a corresponding private key). > Have you considered public key algorithms other than RSA? You have > mentioned embedded devices as one of your targets and RSA isn't the most > efficient algorithm resource-wise. Elliptic curves with their short keys > seem to be a good choice nowadays. Both OpenSSH and GnuPG either use > today or are introducing usage of Daniel Bernstein's Curve25519. It has > several nice features: short 32-bytes keys, very simple key generation > procedure, fast constant time implementation available/possible. Yes, we also plan to support EC keys ! Because we have limited resources we need to prioritize things, so I can't tell when those features will be actually implemented. Help is welcome :-) RSA is relatively slow, but is not used in Ring to encrypt more than a single RSA block. OpenDHT will perform RSA+AES-GCM if the data to be encrypted is longer than a single RSA block. Best regards, Adrien
_______________________________________________ Ring mailing list [email protected] https://lists.savoirfairelinux.net/mailman/listinfo/ring
