[messaging] WhatsApp & OWS team up
Tao Effect
contact at taoeffect.com
Tue Nov 18 12:01:03 PST 2014
> And I will, as seems to be *my* role here, recommend checking out keybase.io, which you can use without trusting, and provides what smells to me like extremely practical probabilistic key<=>person mapping confidence.
Keybase is about as good as you can get with a centralized system.
However, it creates an system that ends up being not very user friendly (especially when it comes to replacing lost or stolen keys). It's also a central point of failure.
And, for whatever reason, they replace personal everyone's email with their own @keybase.io email address, so your emails all go through their servers. As a centralized platform, I won't be surprised to see more of these walled-garden lock-in type things.
For secure communications systems, I prefer systems that no entity has a monopoly over, without central authorities or points of failure. They're more robust and less prone to tampering. The 51% attack is the worse that can happen with the blockchain, and it amounts only to censorship. The worst that can happen with a central authority, on the other hand, is total compromise.
Cheers,
Greg (i'm greg in the namecoin blockchain, but I prefer, eventually, to be greg at taoeffect.bit when that's figured out).
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
On Nov 18, 2014, at 11:42 AM, Tim Bray <tbray at textuality.com> wrote:
> On Tue, Nov 18, 2014 at 11:27 AM, Tao Effect <contact at taoeffect.com> wrote:
>> Cracking the usable key verification problem. This move brings WhatsApp to the same level of security as iMessage (or better, given the forward security), but WhatsApp/Facebook could still do a switcheroo on people's keys. TextSecure never really figured this out IMO - it still expects people to manually compare long strings of hex.
>
>
> I will, as seems to be my role here, recommend the blockchain and a system like DNSChain for solving this problem. :-)
>
> And I will, as seems to be *my* role here, recommend checking out keybase.io, which you can use without trusting, and provides what smells to me like extremely practical probabilistic key<=>person mapping confidence.
>
> - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141118/01c9c367/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141118/01c9c367/attachment.sig>
More information about the Messaging
mailing list