Has anyone here looked at Pond? https://pond.imperialviolet.org/
Its by Adam Langley and while still very new and maybe in need of more review, it seems quite promising. On Mon, Sep 16, 2013 at 4:45 AM, Marco Pozzato <mpodr...@gmail.com> wrote: > Hi all, > > I'm looking for an asynchronous messaging protocol with support for forward > secrecy: I found some ideas, some abstract paper but nothing ready to be > used. > > OTR seems the preeminent protocol, but does not have support for > asynchronous communication. > This post https://whispersystems.org/blog/asynchronous-security/ describes > an interesting variation on OTR: the basic idea is to precalculate 100 > Diffie-Hellman and consume one at every new message. > > On the opposite side, for OpenPGP lovers, I found an old extension > http://tools.ietf.org/html/draft-brown-pgp-pfs-01 which adopt the same > approach, using many short-lived keys, which frequently expire (eg: every > week) and are deleted. > > They are both clever ideas to provide PFS, but what does it mean to the > average user? Let say that today I discover an attack run on 1st of August: > > OTR variation: I do not know which messages were wiretapped. 100 messages > could spawn few hours or two months. > OpenPGP: I know I lost messages sent in the first week of August. > > > What do you think about it? > > Marco > > > > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography > _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography