[messaging] Summary of discussion session at USENIX HotSec

Joseph Bonneau jbonneau at gmail.com
Wed Aug 20 17:07:31 PDT 2014


On Wed, Aug 20, 2014 at 1:23 PM, Tom Ritter <tom at ritter.vg> wrote:

> On 20 August 2014 12:33, Joseph Bonneau <jbonneau at gmail.com> wrote:
> > *We discussed some of the challenges around group chat and why it is
> > fundamentally different than 2-party chat. Most of the room yawned at
> this
> > discussion. The feeling was that 2-party chat still is predominant (and
> > probably will continue to be). We may need stronger evidence that users
> > really care about multi-party chat to justify the high complexity this
> adds
> > to messaging protocols (which raises the possibility of bugs and has a
> real
> > security cost). We could also use stronger evidence of what UX users
> > actually want out of a multi-party chat client.
>
> I'm surprised by this, it isn't actually my experience.  But perhaps
> the issue isn't that a majority of people use group chat, but that a
> majority of people expect group chat to be available if they want to
> use it. GChat, Facebook Chat and iMessage all have group chat
> functionality and if one were to remove it, I'm not sure people would
> be happy.


As I said, that's not my opinion. I've certainly operated under the
assumption that group chat is an important problem that must be solved in
the long run. I think it's a good perspective though-if users very rarely
have sensitive multiparty chats, it may not be worth building around this
case if it distracts us from solving the 99% case well.

Not supporting multiparty chat at all may be a bad choice if people end up
switching to something insecure because they want a group chat. But it
might be worth discussing simpler models like pairwise two-party chat which
is vulnerable to a malicious participant re-ordering messages. What if
people rarely have group chats, and when they do it's typically with a
small group of people they generally trust?

It would of course be nice to have some data on what use cases people
actually want and would use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140820/bae5b003/attachment.html>


More information about the Messaging mailing list