[messaging] Summary of discussion session at USENIX HotSec

Daniel Roesler diafygi at gmail.com
Wed Aug 20 12:08:45 PDT 2014

> *Perhaps work in this space should focus on security against a passive
> adversary first, which can be done with ~0 changes to the UI (examples
> include Apple iMessage and BBM Protected). In practice, this covers 90-99%
> of threat models depending on who you ask. Others in the room were
> uncomfortable both philosophically and practically (post-Snowden) with
> accepting the ability for a central party to perform MITM attacks. The room
> generally agreed it is a worthwhile goal for the EFF and others to push
> large providers not providing any E2E encryption to do so, even with
> centralized public key servers to start with.

This is a very interesting topic! Has there been discussion on this
before that I can read? 0 UI/behavior changes for users seems like a
very valuable advantage for this approach and worth the trade-off of only
being able to stop a passive adversary.

