On Tue, Jul 02, 2013 at 09:32:50AM +0200, Daniele Ricci wrote:
> > (1) Matt's work on draft-miller-xmpp-e2e
> > (2) OTR (potentially with future enhancements to make it more
> > XMPP-friendly)
> >
> > Some energy is going into both of those (Paul Wouters and I plan to
> > sync up at the IETF meeting at the end of July to work on an
> > Internet-Draft providing informational documentation about OTR). Since
> > you seem to care about this issue, your feedback would be welcome.

Both of these approaches do not protect meta-data (who is talking to whom) and allow for statistical attacks on the packets (guess what's inside by the size etc). More advanced forms of e2e messaging could be torchat and retroshare, although I'm not sure they provide forward secrecy.

Since XMPP isn't suitable for keeping meta-data private I would presume that e2e privacy is out of scope for this mailing list, really.

No comment on heml.is except that there is a solid lack of competence in its design. You don't do e2e with pgp over servers. That provides neither meta-data privacy nor forward secrecy.

> Sure! Because my needs are "mobile-oriented", I have to implement some
> e2e solution that works when both users are online or not (something
> like offline-storage OTR?). Of course an "offline" solution is less

That's the point in OTR: It does a DHE for forward secrecy, but that is only possible when both sides are online. What you can do for offline messages is to choose between these options:

- Make the forward secrecy less "perfect" by keeping a DHE alive until both parties are online at the same time again for renegotiation..
- Use PGP until both are online again, but then warn the user that the message can be decrypted by authorities if his or her device gets seized by police.

> safe than an online one, but of course there might be a compromise
> (warning the user that e.g. forward secrecy might be compromised
> because recipient is offline might be an option). Anyway, please keep
> this in mind when you will discuss your new Internet-Draft.

Yes, and you should also warn the user that if her smartphone still has the factory operating system there may already be an NSA backdoor in place before even installing any communications software.

IMHO the only way to offer a confidential e2e communications experience over smartphones is by offering an operating system replacement with built-in onion routing messaging layer.. be it tor, retroshare or gnunet.
XMPP is no longer appropriate for this scenario.