<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Yeah congrats Nadim!<div><br></div><div>Is there a succinct security properties doc somewhere? I know you've got the spec here:</div><div><br></div><div><a href="https://github.com/PeerioTechnologies/peerio-client">https://github.com/PeerioTechnologies/peerio-client</a></div><div><br></div><div>Are messages forward secure, for example? I couldn't find that info by skimming the docs.</div><div><br></div><div><br></div><div>Also, my understanding is that users are still vulnerable to public key switcheroo attacks, and that your mitigation strategy is to use fingerprint based avatars. That's pretty good, it's essentially TOFU and makes it easier to notice that they change.</div><div><br></div><div>However, some issues:</div><div><br></div><div>1. How do users recover from a compromised password?</div><div><br></div><div>2. Technical (easily fixed): you should show avatars in the chat view next to the user's name instead of hiding it in the contacts. User's need to become familiar with the avatars of everyone they chat with, otherwise they won't notice any change.</div><div><br></div><div>Cheers!</div><div>Greg Slepak</div><div><br></div><div><div apple-content-edited="true"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">--</span><br style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">Please do not email me anything that you are not comfortable also sharing</span><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"> with the NSA.</span>
</div>
<br><div><div>On Jan 14, 2015, at 2:40 PM, <a href="mailto:zaki@manian.org">zaki@manian.org</a> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">I'm @zmanian on peerio if anyone wants to test it out.<br><br><div>Congrats Nadim!<br><br>I can see an obvious case for adoption of the system for NGOs, news organizations, activist collectives. These groups are willing spend money on better tools.<br><br>It will be interesting to see if can case for ephemeral collaboration can made in the conventional enterprise.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><br></div></div><div class="gmail_quote">On Wed, Jan 14, 2015 at 2:35 PM, Mike Hearn <span dir="ltr"><<a href="mailto:mike@plan99.net" target="_blank">mike@plan99.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Wired article on Nadim's new project:<div><br></div><div><a href="http://www.wired.com/2015/01/peerio-free-encryption-app/" target="_blank">http://www.wired.com/2015/01/peerio-free-encryption-app/</a><br></div><div><br></div><div><br></div></div>
<br>_______________________________________________<br>
Messaging mailing list<br>
<a href="mailto:Messaging@moderncrypto.org">Messaging@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/messaging" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br>
<br></blockquote></div><br></div></div>
_______________________________________________<br>Messaging mailing list<br><a href="mailto:Messaging@moderncrypto.org">Messaging@moderncrypto.org</a><br>https://moderncrypto.org/mailman/listinfo/messaging<br></blockquote></div><br></div></body></html>