[guardian-dev] Silent Text for Android - interesting feature

Natanael natanael.l at gmail.com
Sat Jul 27 17:29:02 EDT 2013 

There is one and only one way to properly implement automatic deletion
on the recipient side - through getting the recipient to agree.

My suggestion to make sure the users gets the expectations set right
is to simply have an *auto-delete request* with the messages, and the
recipient can decide if he wants to honor it or not (should be a
setting, not per message; and the recipient *should* also be honest to
the sender if he will honor it or not, but we can't enforce that kind
of honesty with code).

Trying to stop the recipient from keeping the decryption key can't be
done for as long as he controls his own hardware.

2013/7/27 Matej Kovacic <matej.kovacic at owca.info>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I mentioned this "burn notice" feature, because is is interesting and
> could be useful in some circumstances.
>
> Yes, there is an analog hole (assuming taking screenschoots of
> ChatSecure on a phone will be disabled in a future), but there is
> alano analog hole in ZRTP encrypted phone conversations (someone can
> set up a bug in your office/home/car).
>
> In general, yes, there is a problem of how to assure that the other
> party will delete message when requested.
>
> Have anyone thought of time stamping (time stamp should be a part of a
> crypto key) or using tokens (you can get only one token to decrypt
> message once)?
>
> P. S. It is just an idea, but could be interesting experiment - how to
> implement burn notice with opensource software (user can modify it's
> client) while having full control of your crypto keys?
>
> Regards,
>
> Matej
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEARECAAYFAlH0N+UACgkQT1/aw0fBttJx5ACgrXXnp41iqhQ1mLFRju73VHrW
> x7kAnjVvqyxbawAe8Nt4XCNnxGY2omNz
> =NkhB
> -----END PGP SIGNATURE-----
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/natanael.l%40gmail.com
>
> You are subscribed as: natanael.l at gmail.com

More information about the Guardian-dev mailing list