Yeah congrats Nadim! Is there a succinct security properties doc somewhere? I know you've got the spec here:
https://github.com/PeerioTechnologies/peerio-client Are messages forward secure, for example? I couldn't find that info by skimming the docs. Also, my understanding is that users are still vulnerable to public key switcheroo attacks, and that your mitigation strategy is to use fingerprint based avatars. That's pretty good, it's essentially TOFU and makes it easier to notice that they change. However, some issues: 1. How do users recover from a compromised password? 2. Technical (easily fixed): you should show avatars in the chat view next to the user's name instead of hiding it in the contacts. User's need to become familiar with the avatars of everyone they chat with, otherwise they won't notice any change. Cheers! Greg Slepak -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Jan 14, 2015, at 2:40 PM, [email protected] wrote: > I'm @zmanian on peerio if anyone wants to test it out. > > Congrats Nadim! > > I can see an obvious case for adoption of the system for NGOs, news > organizations, activist collectives. These groups are willing spend money on > better tools. > > It will be interesting to see if can case for ephemeral collaboration can > made in the conventional enterprise. > > > On Wed, Jan 14, 2015 at 2:35 PM, Mike Hearn <[email protected]> wrote: > Wired article on Nadim's new project: > > http://www.wired.com/2015/01/peerio-free-encryption-app/ > > > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging > > > _______________________________________________ > Messaging mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/messaging
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
