[messaging] WhatsApp & OWS team up

Mike Hearn mike at plan99.net
Wed Nov 19 02:51:04 PST 2014


>
> Do you need threshold signatures for this, or would a quorum of
> ordinary signatures work?
>

You need threshold RSA because the platform auto update mechanisms do not
support multiple signatures. They're all designed on the assumption of a
single software vendor who controls updates of their own products.

However, the mathematics is not the hard part of this (assuming the code I
have works). The hard part is designing the contracts between the different
auditing companies to be watertight, so the developers of an app that is
being threshold signed feel safe that they aren't going to lose control
over their own product except in the very specific area of security
guarantees. For example would those contracts govern UI changes that the
auditors feel might make the security harder to understand? Very tricky
area and never been done before so there are no templates to copy. Whoever
goes first will be cutting a path through the jungle for everyone else.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141119/43c82696/attachment.html>


More information about the Messaging mailing list