[messaging] Session at 31C3

Jeff Burdges burdges at gmail.com
Mon Dec 22 12:58:44 PST 2014

Excellent!  I’d love to discuss several issues with Pond.

Pond stuff that I’ve thought out some : 

-  Any comments on the “social” feature I sent a pull request for here  https://github.com/agl/pond/pull/144  especially on the feedback questions listed in that pull request, including the social graph records?

- Any thoughts on how we should do fingerprints in Pond?  We *cannot* encourage users to post publicly any data that provides a “selector” in the sense that it ties their real life identity to their post identity key, which the server knows.  As I pointed out here  https://github.com/agl/pond/pull/147#issuecomment-66561214  that identity key can be derived from the regular pond public key.  I suspect the only realistic way to provide a “Pond fingerprint” that’s safe to post publicly, like on your twitter account, is to give Pond a third public-private key pair that the server never sees.  

- Assuming yes : What should this third key pair be?  Another EC?  A massive RSA key?  etc.  What other factors should be taken into consideration?  

- Should we interact with GPG allowing it to sign/encrypt a ratchet value so that people who already have GPG keys can use it to authenticate a Pond connection? 

- Who wants to help us with writing an Android GUI for Pond?

Pond stuff that I haven’t really thought out too well :

- Who wants to do a Windows (GTK) port?  Not it!  

- Should pond have a mode of operation where it picks up possible messages from the server, but cannot read its own state file, messages it receives, etc. until the user logs back in?  This would be a serious change to the protocol and might require that third key pair.

- How do we make Pond more scalable?  Add account migration options?  Should we base that on the social feature from pull/144?  Should we do something using third key pair for that?  etc.

- The social feature in pull/144 attempt to expose MITM attacks through introduced triangles of honest users.  Example : Our eavesdropper Eve introduces Alice to Bob buy really makes them both talk to her spy account Eve2.  Alice and Bob independently meet Carol, who eventually introduces them.  As Eve2 is neither Alice nor Bob, Carol’s introduction creates an Alice2 for Bob and a Bob2 for Alice, which might raise suspicion about both Carol and Eve, hopefully exposing Eve.  Can we do better?  There are various levels of this question including : How do you best detect pet names that might represent the same person?  How should you communicate that an contact was introduced over pond?  etc.

- Should we do real group messaging?  How?  We could allow special pond accounts that use group signature scheme keys to pick up their messages.  This seems to be something that’d come after the scalability issues because it requires a Pond client being able to deal with multiple pond accounts. 

- Should we ever provide direct file transfer or instant messaging conversations?  How?  We could use the Tor hidden service protocol by creating an introducer, but avoid making an entry ing the hidden service DHT, or even encrypting one like with stealth hidden services, by transmitting the introducer information directly over a pond message.  Should this really be a separate project? 

See ya there!

p.s.  You should invite Tor Messanger folk too :

On 22 Dec 2014, at 7:13, Ximin Luo <infinity0 at pwned.gg> wrote:

> For those of you going to 31C3, we are going to meet up and find a side room to have a discussion in:
> https://events.ccc.de/congress/2014/wiki/Session:Messaging
> We'll be focusing on technical points and specific areas of work to be doing next year. I'll add potential agenda items over the next few weeks; please feel free to make suggestions.
> The suggested time slot is preliminary; please let me know off-thread if you'd prefer a different slot.

More information about the Messaging mailing list