Thanks for all the comments so far!
Is there a reason you did not consider using OTR? Or another of the
many secure chat protocols?
We did not want to use OTR, because we do not want to have forward secrecy and
message deniability. Our idea is to built an encryption scheme that is
A MITM attack is more than just trusting your SSL cert or Facebook.
How do we know *you* aren’t secretly intercepting our messages? Does your
platform assume we have to trust *you*?
On Dec 18, 2013, at 3:36 AM, SafeChat.IM i...@safechat.im wrote:
Thanks for all the comments so far!
Is
The app/plugin will be open source, so you can see what we are doing. Messages
will only be sent to the Facebook XMPP server.
On Dec 18, 2013, at 4:24 PM, Jason Goldberg jgoldb...@oneid.com wrote:
A MITM attack is more than just trusting your SSL cert or Facebook.
How do we know *you*
Dear mailing list,
A friend and me are working on a plugin that enables encryption on top of
Facebook messaging. The idea is to encrypt messages before they leave the chat
client, sending only the cipher to Facebook and decrypt the message on the
receiver client, before it is displayed. The
In very general terms, you cannot hope to achieve confidentiality
without authenticity.
Your key exchange does not offer authenticity. I would suggest instead
having the user's keys be signing keys, and do straightforward signed
ephemeral ECDH. This should also gain you forward secrecy.
What safeguards do you have against a MITM attack?
On Dec 17, 2013, at 12:01 PM, SafeChat.IM
i...@safechat.immailto:i...@safechat.im wrote:
Dear mailing list,
A friend and me are working on a plugin that enables encryption on top of
Facebook messaging. The idea is to encrypt messages before
On Dec 17, 2013, at 10:01 , SafeChat.IM i...@safechat.im wrote:
A friend and me are working on a plugin that enables encryption on top of
Facebook messaging. The idea is to encrypt messages before they leave the
chat client, sending only the cipher to Facebook and decrypt the message on
Sounds just like the Bitcoin blockchain to me. Or maybe the fork Namecoin.
- Sent from my phone
Den 18 dec 2013 02:20 skrev James A. Donald jam...@echeque.com:
On 2013-12-18 04:38, Joseph Birr-Pixton wrote:
In very general terms, you cannot hope to achieve confidentiality
without
On 17/12/13 21:38 PM, Joseph Birr-Pixton wrote:
In very general terms, you cannot hope to achieve confidentiality
without authenticity.
Actually, you can achieve confidentiality, you just can't prove it in
cryptographic terms.
The original poster should not be dissuaded by claims that no