[Standards] Easy XMPP
xramtsov at gmail.com
Wed Jan 18 14:15:40 UTC 2017
Wed, 18 Jan 2017 08:53:14 -0500
Brian Cully <bcully at gmail.com> wrote:
> Whether they know about it or not, people do need to have encryption.
> It’s a complicated, esoteric thing that they shouldn’t have to know
> about but do silently benefit from. In the dreaded car analogy: how
> many users discuss limited slip differentials? Does that mean there
> shouldn’t be engineering resources behind it?
The analogy with cars is absolutely inadequate, that's the problem a
lot of crypto guys run into. Typical IM user doesn't have such severe
consequences as from a car crash if someone reads his message. Most of
the time IM messages possesses no sensitive data, especially for users
chatting with friends and relatives (the use case we want spread,
right?). For those sending sensitive data encryption is required.
I personally don't need e2e encryption, because I don't want all its
drawbacks: I don't want to lose all my archived messages if I lose a
phone, I don't want to read crap instead of messages from the resource
unsupporting e2e, I don't want to mess with key storage, I don't want to
choose which protocol to use (OTR (several versions), Axolotl, Olm - XSF
repeats the same mistake as with file transfer here).
More information about the Standards