[Standards] RFC 3923 (e2e with S/MIME) and OpenPGP

Carlo v. Loesch CvL at mail.symlynX.com
Tue Jul 16 10:27:04 UTC 2013


On Tue, Jul 02, 2013 at 09:32:50AM +0200, Daniele Ricci wrote:
> > (1) Matt's work on draft-miller-xmpp-e2e
> > (2) OTR (potentially with future enhancements to make it more
> > XMPP-friendly)
> >
> > Some energy is going into both of those (Paul Wouters and I plan to
> > sync up at the IETF meeting at the end of July to work on an
> > Internet-Draft providing informational documentation about OTR). Since
> > you seem to care about this issue, your feedback would be welcome.

Both of these approaches do not protect meta-data (who is talking to
whom) and allow for statistical attacks on the packets (guess what's
inside by the size etc). More advanced forms of e2e messaging could
be torchat and retroshare, although I'm not sure they provide forward
secrecy.

Since XMPP isn't suitable for keeping meta-data private I would presume
that e2e privacy is out of scope for this mailing list, really.

No comment on heml.is except that there is a solid lack of competence in
its design. You don't do e2e with PGP over servers. That provides neither
meta-data privacy nor forward secrecy.

> Sure! Because my needs are "mobile-oriented", I have to implement some
> e2e solution that works when both users are online or not (something
> like offline-storage OTR?). Of course an "offline" solution is less

That's the point in OTR: It does a DHE for forward secrecy, but that is
only possible when both sides are online. What you can do for offline
messages is to choose between these options:
  - Make the forward secrecy less "perfect" by keeping a DHE alive until
    both parties are online at the same time again for renegotiation.
  - Use PGP until both are online again, but then warn the user that
    the message can be decrypted by authorities if his or her device
    gets seized by police.

> safe than an online one, but of course there might be a compromise
> (warning the user that e.g. forward secrecy might be compromised
> because recipient is offline might be an option). Anyway, please keep
> this in mind when you will discuss your new Internet-Draft.

Yes, and you should also warn the user that if her smartphone still
has the factory operating system there may already be an NSA backdoor
in place before even installing any communications software.

IMHO the only way to offer a confidential e2e communications
experience over smartphones is by offering an operating system
replacement with a built-in onion routing messaging layer, be it
tor, retroshare or gnunet. XMPP is no longer appropriate for this scenario.
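
The two offline-message options listed in the message above (keep a DHE session alive until renegotiation, or fall back to a long-lived key as with PGP) differ in what a seized device can still decrypt. The sketch below is an added example, not part of the original message or of OTR or PGP: the toy DH group, the SHAKE/HMAC sealing and all names are assumptions chosen so it runs with the Python standard library only.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy group (assumption): far too small for real use

class Key:
    """DH key pair; erase() models deleting the private half from the device."""
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
    def secret(self, peer_pub):
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()
    def erase(self):
        self.priv = None

def seal(key, n, msg):
    """Toy authenticated encryption: SHAKE keystream per counter n, then HMAC."""
    nonce = n.to_bytes(4, "big")
    pad = hashlib.shake_256(key + nonce).digest(len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, pad))
    return ct, hmac.new(key, nonce + ct, "sha256").digest()

def can_open(key, n, ct, tag):
    expected = hmac.new(key, n.to_bytes(4, "big") + ct, "sha256").digest()
    return hmac.compare_digest(tag, expected)

def seized(log, device_keys):
    """Labels of stored messages readable with keys still on a seized device."""
    live = [k for k in device_keys if k.priv is not None]
    return [label for label, pub, n, ct, tag in log
            if any(can_open(k.secret(pub), n, ct, tag) for k in live)]

def simulate():
    alice_eph, bob_eph = Key(), Key()  # DHE done while both were online
    bob_longterm = Key()               # long-lived key, standing in for PGP
    log = []                           # ciphertexts as a server could store them
    for n, text in enumerate([b"offline msg 1", b"offline msg 2"]):
        # Option 1: keep using the DHE session that is still alive.
        session = alice_eph.secret(bob_eph.pub)
        log.append(("dhe", alice_eph.pub, n, *seal(session, n, text)))
        # Option 2: encrypt to the long-lived key with a one-shot sender key.
        one_shot = Key()
        wrap = one_shot.secret(bob_longterm.pub)
        log.append(("pgp", one_shot.pub, n, *seal(wrap, n, text)))
    before = seized(log, [bob_eph, bob_longterm])   # seized while Bob is offline
    bob_eph.erase()                    # both online again: renegotiate, delete
    after = seized(log, [bob_eph, bob_longterm])    # seized after renegotiation
    return before, after
```

While Bob is offline both kinds of message are exposed; once the old DHE private key is erased at renegotiation, only the messages sent to the long-lived key remain readable.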