Hi Jonathan! Jonathan Wilkes <jancs...@yahoo.com> wrote: > Does your design include perfect forward secrecy for the pairs > communicating over SMTorP?
We recommend using TLS over the Tor circuit, and will probably recommend using a cipher which provides PFS. However, encryption of the messages themselves (if they are encrypted) is using OpenPGP, which does not provide PFS. So if the user signs the message, there is no deniability. > Also, what is your plan to sustainably fund the GUI work, user studies, > and the work on professional documentation? (I.e., those aspects which > tend to get little to no attention in a free software community like > this one.) This is one of the hard parts of the project. We funded our first year of work using an IndieGoGo crowdfunding campaign, but that is not sustainable. We're exploring our options and are optimistic, but it is not a solved problem yet. If you (or anyone) has recommendations on this front we're all ears. - Bjarni -- I make stuff: www.mailpile.is, www.pagekite.net
signature.asc
Description: OpenPGP Digital Signature
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss