[messaging] pond alike lists (was: pond alike group messaging)
Mike Hearn
mike at plan99.net
Thu Jun 18 07:30:42 PDT 2015
Hi Azul,
You are right that typical web/LAMP stacks are quite vulnerable. I tried to
dodge that problem by saying "tightly written", seeing as you are
suggesting making a new system that would have to be tightly written anyway
:)
One thing I've been having fun with lately is the combination of the Orchid
library and the new features introduced in the very latest versions of
Java. It turns out you can make an app that connects via Tor to hidden
services without needing Tor installed at all, without the user needing
Java installed (there's a bundler) and of course all your networking code
is free of buffer overflows or double frees or XSS or XSRF attacks. And it
all works on Android and (via RoboVM) iOS too.
For instance, you could imagine a kind of forum server and forum browser
client that's not based on rather fragile web technologies but something
more robust.
Anyway, I'm getting distracted - my basic point is, you can attack the
untrusted server problem from several angles. One is you can use fancy
crypto like Pond does, to try and blind the server to as much as possible.
The other is that when your discussion group has some kind of administrator
*anyway*, you can just have the administrator run their own server.
Which is easier? I don't know. Running your own server might seem
implausible but imagine a client that has really good offline/background
sync abilities. For async group discussion, if the server does not have
full availability, it may not matter as long as the software can recover.
For instance is running a small discussion server on the administrators
mobile phone an engineering possibility? It may sound unlikely, but unless
we're talking about a hugely popular reddit-style forum here, it could work.
If you feel it's vital that the administrator doesn't get access to precise
message timestamps and the like, then I agree - you need to split running
the forum between a semi-trusted admin and a semi-trusted server. And that
requires Pond style crypto.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150618/a1eadcdb/attachment.html>
More information about the Messaging
mailing list