[messaging] Peerio

Tao Effect contact at taoeffect.com
Wed Jan 14 14:56:36 PST 2015 

Yeah congrats Nadim!

Is there a succinct security properties doc somewhere? I know you've got the spec here:

https://github.com/PeerioTechnologies/peerio-client

Are messages forward secure, for example? I couldn't find that info by skimming the docs.


Also, my understanding is that users are still vulnerable to public key switcheroo attacks, and that your mitigation strategy is to use fingerprint based avatars. That's pretty good, it's essentially TOFU and makes it easier to notice that they change.

However, some issues:

1. How do users recover from a compromised password?

2. Technical (easily fixed): you should show avatars in the chat view next to the user's name instead of hiding it in the contacts. User's need to become familiar with the avatars of everyone they chat with, otherwise they won't notice any change.

Cheers!
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Jan 14, 2015, at 2:40 PM, zaki at manian.org wrote:

> I'm @zmanian on peerio if anyone wants to test it out.
> 
> Congrats Nadim!
> 
> I can see an obvious case for adoption of the system for NGOs, news organizations, activist collectives. These groups are willing spend money on better tools.
> 
> It will be interesting to see if can case for ephemeral collaboration can made in the conventional enterprise.
> 
> 
> On Wed, Jan 14, 2015 at 2:35 PM, Mike Hearn <mike at plan99.net> wrote:
> Wired article on Nadim's new project:
> 
> http://www.wired.com/2015/01/peerio-free-encryption-app/
> 
> 
> 
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
> 
> 
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150114/65d381e7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150114/65d381e7/attachment.sig>

More information about the Messaging mailing list