Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-20 Thread Peter Saint-Andre - yet
On 4/18/15 4:47 AM, Kim Alvefur wrote: Further, I don't see why you couldn't have a bot that signs in to your account, enables Carbons and then stores all messages in a local archive, which could then be exposed via MAM to your other clients. Right, that's what I'm suggesting. The harder

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Kim Alvefur
On 2015-04-18 11:59, Thijs Alkemade wrote: What do you mean with “SASL state”? All of the data the server has after a SCRAM-SHA-1 exchange is either a) stored on the server, b) session specific. You can’t derive a key from that which the server could not derive on its own. During SCRAM, the

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Dave Cridland
On 18 Apr 2015 11:34, Thijs Alkemade th...@xnyhps.nl wrote: On 18 apr. 2015, at 11:59, Thijs Alkemade th...@xnyhps.nl wrote: On 18 apr. 2015, at 11:42, Georg Lukas ge...@op-co.de wrote: 1. When a user logs in for the first time, an asymmetric keypair is created (I was thinking of

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Kim Alvefur
Further, I don't see why you couldn't have a bot that signs in to your account, enables Carbons and then stores all messages in a local archive, which could then be exposed via MAM to your other clients. -- Kim Zash Alvefur

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Thijs Alkemade
On 18 apr. 2015, at 11:59, Thijs Alkemade th...@xnyhps.nl wrote: On 18 apr. 2015, at 11:42, Georg Lukas ge...@op-co.de wrote: 1. When a user logs in for the first time, an asymmetric keypair is created (I was thinking of Curve25519, where key creation is almost free). The private key

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Georg Lukas
* Kim Alvefur z...@zash.se [2015-04-18 12:49]: I don't see why you couldn't have a bot that signs in to your account, enables Carbons and then stores all messages in a local archive, which could then be exposed via MAM to your other clients. How would that bot (or the off-server archive

[Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Georg Lukas
* Peter Saint-Andre - yet pe...@andyet.net [2015-04-18 04:59]: [MAM privacy concerns] I wholeheartedly agree with you here, but I would like to see another solution to this - use of asymmetric crypto storage on the server, a la Lavabit: 1. When a user logs in for the first time, an asymmetric

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Thijs Alkemade
On 18 apr. 2015, at 11:42, Georg Lukas ge...@op-co.de wrote: 1. When a user logs in for the first time, an asymmetric keypair is created (I was thinking of Curve25519, where key creation is almost free). The private key is encrypted with a key derived from the user password / SASL state